ML20094E464
| ML20094E464 | |
| Person / Time | |
|---|---|
| Site: | 05000605 |
| Issue date: | 01/17/1992 |
| From: | GENERAL ELECTRIC CO. |
| To: | |
| Shared Package | |
| ML20094E462 | List: |
| References | |
| NUDOCS 9201240140 | |
| Download: ML20094E464 (102) | |
Text
. . .
,O GE NUCLEAR ENERGY TIER 1 DESIGN CERTIFICATION MATERIAL PILOT ITAAC EXAMOLES O pon THE GE ABWR DESIGN I
l
[
?I 1
1 i
O JANUARY 17,1992 P A O O OS 4 em g
ABWR ooste2 cocument '
O v !
l.
TABLE OF CONTENTS
- i
1.0 INTRODUCTION
f 1.1 Pil.OT EX Ah1Pl.ES OF'- 'R 151ATERIAl. INDIVIDUAL.SiSTEhtS
. I 2.1.1 Reactor l'resse:c Vessel Systeni 2.2.4 Standby Liquid Control System ,
2.2.7 Reactor Protection Systent l 2.4.1 Residual licat Reinoval (RllR) System i
.2.11 Reactor Water Cleanup System ,
f'.10.23 Circulating Water System l 2.11.3 Reactor 11uilding Cooling Water System ;
2.12.13 Emergency Diesel Generator System (Standby AC Power Supply) i 2.lii.12 - Control lluilding 3.0 - EXAMPLES OF GENERIC AND DAC TrAAC 3.1 EliVIRONh1 ENTAL QUALIFICATION (EQ) GENERIC ITAAC-3.2 . RADIATION PROTECTION DAC ITAAC 3.3 - CONFIGURATION hiANAGEh1ENT Pi AN DAC ITAAC f
- 3. hiAN-hiACIilNE INTERFACE SiSTEhtS (hthilS) DESIGN TEAh! DAC :
.i i
i l
i~
J l
L J.
1/17/92 r
, , - . . _ - . . ~ - - . , . ; .. , . . . . - . , . .
m ABWR 0:sion 0:cument b 1,0 INTRODUCTION The purpose of this memorandum is to present examples of proposed Tier i design certification material for the GE AllWR. This versioe - dated 1/17/1992 and is an update of the original memorandum dated 9/2L '191. It includes revisions that:
- 1) reflect NRC conunents on the 9/20/91 version
- 2) present examples of generic and design acceptance criteria (DAC) inspections, tests, analyses and acceptance criteria (ITAAC).
Section 2 contains revised versions of the material for each of the nine AllWR systems chosen for pilot examples. Each pilot starts with a pioposed Tier 1 design description and then provides suggested inspections, tests, analyses, and acceptance criteria (ITAAC) hased on the design description contents. The scope of these pilots is based on the nuclear industris cm rent understanding of the guiding principles governing scope and contem of Tier 1 material. As presented in the NU.\1 ARC report of the Task Fmce on inspections, Tests, Analyses and Acceptance Criteria, NU.51 ARC 90-15, December 1990. An important supplementary document is the GE memorandum " Guidelines Ihr 3 Preparation ofInspections, Tests, Analyses and Acceptance Criteria (ITAAC)",
(V A.J. James, December 1991.
As a result of ongoing discussions with NRC,it has become cicar that the AllWR design certification ITAAC material will eventually include entries that are not part of the system-by system apprc,ach that forms the basis for the nine pilot examples. These non-system attics willinclude:
generic / discipline ITAAC design acceptance criteria (DAC) ITAAC Plant interface ITAAC Section 3 provides exampics of the first two categories of non-system TAAC material. It is intended these items also be considered pilots in that they are reuresentative examples which can he used to reach agreement on the required scope and content of this type ofITAAC.
It is intended that this memorandum be distributed to interested parties for review and comment. Iktsed on feedback from this :eview, GE will (if necessary) modify the scope ami content guidelines and will then initiate preparation of a full set of AllWR design descriptions and ITAAC for submittal to NRC as part of (v ) the AllWR design certification application.
l l
1/17/92
ABWR oesign Document l 1.1 PILOT EXAMPLES OF TIER 1 MATERIAL INDIVIDUAL SYSTEMS This section provides pilot examples or Tier i design descriptions and their associated ITAAC. These pilots have been chosen with the objective of covering representative examples of nuclear island mechanical systems, turbine island mechanical systems, structural / civil items, electrical systems, control and instrumentation estems. The section numbering system is based on the AllWR product structure.
Figure Information For a number of the ITAAC, simplified figmes have been included to help facilitate the design description. The figures contain information that uses the lohowing conventions:
1.ine classification:
ASME Code Class 1 ----------
ASME Code Class 2 - - - - - - - - - -
ASME Codo Class 3 Non ASME code - - - - - - - - -
Instrumentation:
Flow element FE Restricting orifice RO Temperature element TE Radiation element RE Level indicator 1.
Pressure indit ator P O
1.1 1/17/92
ABWR Design 0:cument gv _
IUjuipinent:
Gate valve l><
Globo valve $311 Check valve d Valve type not specified Y Relief valve I Open cirucit breaker ii Closed circuit breaker M Annunciator H (H.high L= low) A Valves are shown on the figures in their normal postition.
Vahe Operators:
,m.,
t) Giotor M Nitrogen N Air A l
I m
'%./
1.1 -3~ 1/17/92
ABWR Design Docum:nt A
i V 2.1.1 Reactor Pressure Vessel System Design Description The reactor pressure vessel synem (RPVS) consists of (1) the reactor pressure vessel and its appurtenances, supports and insulation, and (2) the teactor internals enclosed by the vessel, excluding the core, in-core nuclear instrumentation, reactor internal pumps and control roc' drives.
The reactor coolant pressure boundary (RCPil) portion of the RPVS retains integrity as a radioactive material barrier during normal operation and following abnormal operational transients and design basis accidents.
Certain reactor pressure vessel (RPV) internals support the core, flood the core during a design basis accident, and support instrumentation utilized during a design basis accident. Other RPV internals direct coolant flow, separate steam, hold material surveillance specimens and support instrumentation utilized Ihr normal cperation.
The reactor pressure vessel system provides guidance and support for the control rod drives. It also admits and distributes the sodium pentaborate from g the standby liquid control system.
LJ The RPV system restrains the control rod drive (CRD) in order to prevent the ejection of the control rod connected with the LRD in the event of a postulated failure of the reactor coolant boundary associated with the CRD housing. A restraint is also provided for the reactor internal pump (RIP) in order to prevent it from becoming a missile in case of a postulated failure of the reactor coolant boundary associated with the reactor internal pump.
Reactor Pressure Vessel, Appurtenances, Supports and Insulation The reactor pressure vessel (RPV), as shown schematically in Figure 2.1.1, consists of a vertical, cylindrical pressure vessel of welded construction, removable top head and head closure bolting and seals. The vesselincludes the cylindrical shell, flange, bottom head, reactor internal pump (RIP) casings, penetrations, brackets, noules, venturi shaped flow restrictors in the steam outlet noales, and the shroud support which includes the pump deck forming the partition between the RIP suction and discharge. The shroud support is an assembly consisting of a vertical circular plate, a horizontal annular pump deck plate and vertical stilt legs. This support carries the weight of peripheral fuel elements, neutron sources, core plate, top guide, shroud and shroud head with sttam separators. It also suppm ts laterally the fuel assemblics and the pump dilTusers. The shroud support also sustains the difTerential pressures.
O The control rod drives are mounted into the control rod drive housings.
Sodium pentaborate solution from the standby liquid control system enters the vessel via one of the two high pressure core flooding lines and is distributed through the sparger connected to the line. 1 2.1.1 1/17/92
ABWR 0: sign Document m
)
The control rod drive housings are inserted through and connected to the control rod drive penetrations (stub tubes) in the reactor vessel bottom head.
The in< ore neutron Hux monitor housings are inserted through and connected to the bottom head.
A Hanged noule is provided in the top head ihr bolting of the Hange associated uith the instrumentation for vibration test ofinternals.
The integral reactor vessel skirt suppor ts the vessel on the RPV pedestal. Steel anchor bolts extend through the pedestal and secure the Hange of the skirt to the pedestal. RPV stabilizers are prosided in the upper portion of the RPV to resist horizontal loads. Lateral supports among the CRD housings and in-core housings are provided by restraints which at the periphery are supported ofTthe CRD housing restraint beams.
A restraint consisting of a paii of energy absorbing rods is provided to preve,t the RIP from being a missile in case of a failme in the casing weld with the bottom head penetration. The restraint is connected to lugs on the RPV bottom head and the RIP motor cover.
The reactor pressure vessel insulation is supported from the biological shield wall surrounding the vessel. Insulation for the upper head and Hange is
(]
U supported by a steci frame independent of the vessel and piping. Insulation access panels and insulation around penetrations are designed for case of installation and removal for vessel inservice inspection and maintenance operation.
The reactor coolant pressure boundary partion of the RPV and appurtenances and the supports (RPV skirt, stabilizer and CRD housing /in-core housing restraints and beams) are classified as Quality Group A, Seismic Category 1. The design, materials, manufacturing, fabrication, testing, examination, and inspection used in the construction of these components meet requirements of ASME Code Class 1 vessel and supports, respectively. The shroud support is chtssified as Quality Group C, Seismic Category 1, and designed and fabricated to ASME Code Class CS, core support structures. Hydrostatic test of the RPV is performed in accordance with the requirements for ASME Code Class 1 vessels.
l The design pressure and temperature of the RPV are 87.9 kg/cm2g and 302 C, respectively. The components are code-stamped according to their code class.
The materials used in the reactor coolant pressure boundary (RCPil) portion of the RPV and appurtenances are as listed here and these or their equivalents will be used: ASME SA-533, Type II, Class 1 (plate); SA-508, Class 3 (forging);
SA-508. Class 1 (forging); Sil-166, Type 600 (UNS 06600, forging); SA-182, p
V F316L (maximum carbon 0.020%) or F316 (maximum carbon 0.020% and o
nitrogen from 0.060 to 0.120%, r rgir.g); and SA-540, Grade 1523 or 1124 (bolting).
2.1.1 1/17/92
ABWR Design occument The materials of the low alloy plates and forging used in construction of the RPV are melted to fine grain practice and are supplied in quenched and tempered condition. Vacuum degassing is perfbrmed to lower the hydrogen level and improve the cleanliness of the low-alloy steels.
Electroslag welding is not applied Ibr structural welds. Preheat and imerpass l temperatures employed for welding oflow alloy steel meet or exceed the values l given in ASME, Section 111, Appendix D. Post weld heat treatment at 593 C minimum is applied to all low-alloy steel welds.
Pressur e boundary welds are given an ultrasonic examination in addition to the radiographic examination performed during fabrication. The ultrasonic examination method, including calibration, instrumentation, scanning sensitivity, and emerage,is based on the requirements imposed by ASME,Section XI, Appendix 1. Acceptance standards ate equivalent or more restrictive than required by ASME,Section XI.
A stainless steel weld overlay is applied to the interior of the cylindrical shell and the steam outlet nozzle. Other nozzles and the RIP motor casing do not have cladding. The bottom head is clad with Ni-Cr-Fe alloy. The RIP penetrations are clad with Ni-Cr-Fe alloy or stainless steel alternatively.
(_\
f The fracture toughness tests of pressure boundary ferritic materials, weld metal and heat affected mue (H AZ) are performed in accordance with the requirements for ASME Code Class 1 vessel. Iloth longitudinal and transverse specimens are used to determine the minimum upper shelf energy level of the core beltline materials. Separate, unirradiated baseline specimens are used to determine the transition temperature curve of the core beltline base materials, weld metal and HAZ.
For the vessel material surveillance program, specimens are manufactured from the material actually used in the reactor beltline region and weld typical of those in the beltline region, thus representing base metal, weld material, and the weld heat-alTected zone material. The plate and weld specimens are heat treated in a manner which simulates the actual heat treatment perfbrmed on the core region shell plates of the completed vessel. Each in-reactor surveillance capsule contains Charpy V-aotch specimens of base metal, weld metal, and heat-alTected zone material, and tensile specimens from base metal and weld metal. Ilrackets are welded to the vessel cladding in the core belt region for retention of the detachable holders, each of which contains a number of the specimen capsules.
Neutron dosimeters and temperature monitors are located within the capsules.
Access fbr examinations of the installed RPV is incorporated into the design of Q
v the vessel, biological shield wall and vessel insulation.
2.1.1 1/17/92
ABWR Design occument m
L) Reactor Pressure VesselInternals The major reactor internal components that are included in the RPVS are:
- a. Core Support Structures:
Shroud; shroud support (integral to the RPV and including the internal pump deck); core plate; top guide; fuel supports (orificed fuel supports and peripheral fuel supports); control rod guide tubes; and
- b. Other Reactor Internals:
Control rods; feedwater spargers; RHR/ECCS low pressure flooding spargers; ECCS high pressure core flooding spargers and coupling; in-core guide tubes and stabilizers; core plate dif ferential pressure lines:
surveillance specimen holders; shroud head and steam separators assembly; and steam drTer assembly, i A general assembly drawing of these reactor internal components is shown in Figure 2,1.1. The core support structures locate and support the fuel assemblics, Ibrm partitions within the reactor vessel to sustain pressure differentials across
-,3 the partitions, and direct the flow of the coolant water.
'in The shroud support, shroud, and top guide make up a stainless steel cylindrical assembly that provides a partition to separate the upward flow of coolant through the core from the downward recirculation flow. This partition separates the core region from the downcomer annulus.
The core plate consists of a circular stainless steel plate with rounct openings and is stiffened with a rim and beam structure. The core plate prmides lateral support and guidance for the control rod guide tubes,in-core flux monitor guide tubes, peripheral fuel supports and startup neutron sources. The last two items are also supported vertically by the core plate.
The top guide consists of a circular plate with square openings for fuel with a cylindrical side forming an upper shroud extension. Each opening provides lateral support and guidance for four fuel assemblics or,in the case of peripneral fuel,less than four fuel assemblies. Holes are provided in the bottom of the support intersections to anchor the in-core instrumentation detectors and startup neutron sources.
The fuel supports are of two types. The peripheral fuel supports are located at the outer edge of the active core and are not adjacent to control rods. Each n peripheral fuel support supports one peripheral fuel assembly and contains an s
) orifice to provide coolant flow to the fuel assembly. Each orificed fuel support supports four fuel assemblies vertically upward and horizontally and contains four onfices to provide coolant flow distribution to each fuel assembly. The orifictd fuel supports rest on the top of the control rod guide tubes which are 2.1.1 1/17/92
ABWR Design 0:cument q
b supported laterally by the core plate. The control rods pass through cruciform openings in the center of the orificed fuel support.
The control rod guide tubes located inside the vessel extend from the top of the control rod drive housings up thiough holes in the core plate. Each guide tube is designed as the guide for the lower end of a control rod and as the support for an orificed fuel support. This locates the four fuel assemblies surrounding the control rod. The lower end of the of the guide tube is supported by the control rod drive housing, which in turn transmits the weight of the guide tube, fuel supports, and fuel assemblics to the reactor vessel bottom head. The control rod guide tubes also contain holes, near the top of the control rod guide tube and below the core plate, for coolant flow to the orificed fuel supports.
The control rod guide tube base is prosided with a device for coupling contr ol rod drive (CRD) with it, The CRD is restrained from ejection,in the case of a stub tube weld failure, by the coupling of the CRD with the control rod guide tube base;in this event, the flange at the top of the guide tube will contact the core plate and restrain the ejection. The coupling will also prevent ejection if the housing fails at the stub tube weld; in this event, the guide tube remains supported on the intact upper housing.
(3 The control rods are cruciform shaped neutron absorbing members that can be V inserted or withdrawn from the core by the control rod drives to control
- reactivity and reactor power.
Each of the two feedwater lines is connected to three spargers via three RPV nozzles. The feedwater spargers, which also function as ECCS high or low pressure flooding spargers depending upon their connection to the line designated to receive high pressure or low pressure coolant flooding supply, respectively, are stainless steel headers located in the mixing plenum above the downcomer annulus. Each sparger in two halves, with a tec connected in the middle,is F?ted to each feedwater nozzle with the tee. The sparger tee inlet is connected to the RPV noule safe end by a double thermal sleeve arrangement.
Feedwater flow enters the center of the spargers and is discharged radially inward to mix the cooler feedwater with the downcomer flow from the steam separators and steam dryer before it contacts the vessel wall.
The design feature of the two residual heat removal (RHR) shutdown cooling system spargers, which also function as ECCS low pressure flooding (LPFL) spargers, is similar to that of the feedwater spargers. Two lines of RHR shutdown cooling system enter the reactor vessel through the two diagonally opposite nozzles and connect to the spargers. The sparger tee inlet is connected to the RPV noule safe end by a thermal sleeve arrangement.
The two ECCS high pressure core ficoding (HPCF) spargers and couplings are the means for directing high pressure ECCS flow to the upper end of the core.
Each of the two HPCF lines enters the reactor vessel through a diagonally opposite nozzle with a thermal sleeve arrangement. The curved sparger i
1 2.1.1 1/17/92
ABWR Desion 0:cument p
i
/
including the connecting tee is located around the inside of and is supporte,1 by the cylindrical portion of the top guide. The sparger tee is connected to th e thermal sleeve by the llPCF coupling.
in-core guide tubes protect the in-core flux monitoring instrumentatior from flow of water in the bottom head plenmn. The in-core guide tubes exten:1 from the top of the in-cor e housing to the top of the core plate. The local power rang monitoring (IERM) detectors for the power range neutron monitoring (PRNM) system and the detectors for the startup range neutron monitoring (SRNM) system are inserted through the guide tubes.
Two levels of stainless steci stabilizer latticework of clamps, tie bars and spacers give lateral support and rigidity to the guide tubes. The stabilizers are connected to the shroud and shroud support.
The core plate dilTerential pressure (DP) lines enter the reactor vessel through )
reactor bottom head penetrations. Four pairs of the core plate DP lines enter the head in four quadrants through four penetrations and terminate immediately above and below the core plate to sense the pressure in the icgion outside the bottom of the fuel assemblies and below the core plate during normal operation.
d Surveillance specimen capsules, which are held in capsule holders mentioned earlier, are located at three azimuths at a conunon elevation in the core behline region. The capsule holders are non-safety related internals. The capsule holders are mechanically retained by capmle holder brackets welded to the vessel cladding in order to allow their removal and reattachment.
The shroud head and steam separators assembly includes the cc.nnecting standpipes and forms the top of the core discharge mixture plenum. The steam dryer assembly removes moisture from the wet steam leaving the steam separators. The extracted moisture flows down the dryer vanes to the collecting troughs, then flows through tubes into the downcomer annulus. The shroud head and steam separators assembly and the steam dryer assembly are non-safety related internals.
The core support structures are chtssified as Quality Group C, Seismic Category I. The design, materials, manufacturing, fabrication, examination and inspection used in the construction of the core support structures meet requirements of ASME Code Chtss CS structures. These structures are code-stamped accordingly. Other reactor internals are designed per the guidelines of ASME Code NG4000 and are constructed so as not to adversely affect the integrity of the core support structures as required by NG-1122.
p V Special controls are exercised when austenitic stainless steel is used for construction of RPV internals in order to avoid cracking during service.
I 2.1.1 1/17/92
ABWR Design occument O Design and construction of the RPV internals assure that the internals can withstand the efTetts of flow induced vibration (FIV).
Inspection, Test, Analyses and Acceptance Criteria Table 2.1.1 provides a definition of the instructions, tests, and/or analyses together with associated acceptance criteria which will be undertaken Ihr the reactor pressure vessel system.
O O
2.1.1 1/17/92
p h.. . h.,. O
- t. ' Table 2.1.1: REACTOR PRESSURE VESSEL SYSTEM Inspections, Tests, Analyses and Acceptance Criteria Certified Design Commitment'- ' Inspections Tests, Analyses ' Acceptance Criteria
- 1. System configuration of the reactor' 1. -Visual field inspections will be conducted - 1. The installed configuration of the RPVS will pressure vessel system (RPVS) as of the installed RPVS key components be considered acceptable if it complies described in Section 2.1.1.1 is shown On identified in.Section 2.1.1 and Figure 2.1.1. with Figure 2.1.1 and Section 2.1.1.
Figure 2.1.1.
- 2. The reactor coolant pressure boundary 2. Inspections will be conducted of ASME 2. Existence of necessary ASME Code (RCPB) portion of the RPV and Code required documents and the Code ' required dc. sments and the code stamps appurtenances and their supports are stamp on the components. on the components confirm that the classified as Qua!ity Group A, Seismic - components in the RCPB of the RPV and Category 1. These components are _ the supports, ar d the core support.
designed, fabricated, examined and - structures are designed, fabricated and hydrotested in accordance with the rules of examined as ASME Code Class 1 and CS ASME Code Class 1 vessel or component respectively. This also confirms that the support, and are code stamped ' RPV is hydrotested per the ASME Code -
accordingly. The core support structures Class ; requirements.
are Quality Group C. Seismic Category I, h and are designed, fabricated and examined in accordance with the rules of ASME Code Class CS structures, and are code-stamped
, accordingly..
- 3. The RCPB of the RPVS retains its integrity 3. A hydrostatic test of the RCPB will be 3. The results of the hydrostatic test must under internal pressure that will be conducted in accordance with the ASME conform with the requirements in the experienced during the service. Code requirements. ASME Code.
- 4. The materials used for RCPB portion of the 4. Inspection will be conducted of the records 4 Records of the materials and processes RPV cnd appurtenances are certain proven of materials, fabrication, and examination must confirm that the requirements low and high alloy steels with certain - used in construction of the RCPB and specified for the RCPB in Section 2.1.1 are additional requirements for construction, austenitic stainless steel reactor internals. satisfied and that the manufacture and as identified in Section 2.1.1. Special fabrication of the RPV internals made of controls are exercised when austenitic austenitic stainless steel avoid potential for s*ainless steel 's used for construction of cracking in service.
RPV internals ir order 2 avoid crackir g during service. VaVidation Attributes:
The following special controls are e exercised when austenitic stainless steel is -
used in manufacture and fabrication of '
O O OL 1
[
Table 2.1.1: ~ REACTOR PRESSURE VESSEL SYSTEM (Continued)
- Inspections, Tests, Analyses and Acceptance Criteria 1
Certified Design Commitment inspections, Tests, Analyses Acceptance Criteria ;
- 4. (Continued)
- RPVS internals. Where stainless steel _[
surfaces are exposed to water at !
temperatures above 93'C, low carbon !
(0.020% maximum) or nuclear grede ;
materials (maximum C=0.020% with .
nitrogen added) or CF3 type castings are used. All materials are supplied in the '
solution heat treated condition. f Sensitication tests are applied to assure that the material is in the annealed ;
condition. During fabrication, any heating I operation (except welding) between 427' !
982'C b avoided, unless followed by i solution heat treatment. During welding, !
i heat input and interpass temperature are i i controlled. Weld filler material used is -i Type 3081/316U309L or equivalent. All [
weld filler materials used have a minimum of 8 FN average (ferrite number) !
determined on undiluted weld pads by i magnetic measuring instruments. During [
fabrication, cold work is controlled by i applying limits in hardness, bend radii and ;
surt' ace finish on ground surfaces. Process (
controls are exercised during all stages of component manufacturing. fabrication and installation to minimize contaminants. Surface contaminants are removed prior to any heating operations.
- 5. The ferritic materials used in RCPB portion 5. Fracture toughness tests of the ferritic 5. Records of the fracture toughness data of of the RPV and appurtenances are not base, weld and heat affected zone (HAZ) the RCPB ferritic materials must confirm susceptable to brittle fracture under metal used in the RCPB will be conducted - ' that 1) the requirements of the ASME Code pressure during the service. in accordance with the requirements for are met, and 2) the reactor vessel beltline g ASME Class 1 components. materials will not be susceptible to brittle c fracture during the service.
ib N
O O O N Table 2.1.1: REACTOR PRESSURE VESSEL SYSTEM (Continued) e 1
' Inspections, Tests, Analyses and Acceptance Criteria inspections, Tests, Analyses Acceptance Criteria Certified Design Commitment
- 5. (Continued)
Validation Attributes:
l a. The minimum upper-shelf energylevel for base and weld metal in reactor vessel beltline must be 10.4 kg-m.
- b. The predicted minimum upper-shelf energy level for base and weld metal in reactor vessel beltline at end of life must be 6.9 kg-m.
- c. The predicted value of adjusted reference temperature, RTNDT, of base and weld metalin reactor vessel beltline at end of life must be 93'C or
$ less.
Inspection wi!! be conducted of the records 6. Records of the specimens with respect to
- 6. Specimens for % . saance program 6.
location and orientation, types (tensile or are selected fror the vessel base metal of the specimens selected from the reactor beltline region. Charpy V-notch), and quantities must meet and weld metal. the requirements of ASTM E-185
- 7. A vibration test will be conducted of the 7. Reactor vessel internals vibration is
- 7. Design and construction of the RPV considered acceptable when results of the reactor internals to verify the adequacy of internals assure that the internals can vibration analysis, vibration measurement the internals design, manufacture, and withstand the effects of flow induced testing and inspection of the internals vibration (FIV). assembly with respect to the potential effec's of FIV. The first-of-a-kind prototype indicate no sign of damage, loose parts, or internals will be flow tested by vibration excessive wear in the prototype test. The instrumentation followed by inspection for vibration of reactor internals in subsequent damage. The internals in subsequent plants is corisidered acceptable when plants will be flow tested, but witl out inspection of the internals indicate no s#gn vibration instrumentation, followed by of damage, loose parts, or excessive wear.
inspection for damage.
5
'O O O q Table 2.1.1: REACTOR PRESSURE VESSEL SYSTEM (Continued) :
u inspections, Tests, Analyses and Acceptance Criteria j Certified Design Commitment :nspections, Tests, Analyses Acceptance Criteria
- 8. Access for examinations of the RPV is 8. Visual inspection will be conducted of 8. Provisions for access in the design of the incorporated into the design of the vessel, accessibility for examinations of the vessel vessel, bio;ogical shield wall, and vessel i biological shield wall and vessel insulation. and welds. insulation shall be, in the minimum, as follows:
The shield wall and vessel insulation behind the shield wall must be spaced L away from the RPV outside surface.
Access for the insertion of automated I devices must be provided through removable insulation panels at the top of j the shield wall and at access ports at . ;
reactor vessel nozzles. Access to the reactor pressure vessel welds above the - [
top of the biological shield wall must be . i
. provided by removable insulation panels.
7 The closure head must have removable insulation to provide access for manual ultrasonic examinations of its welds.
Accets to the bottom head to shell weld ' I must be provided through openings in the RPV support pedestal and removable insulation panels around the cy!indrical lower portion of the vessel Access must !
be provided to partial penetration nozzle welds,i.e CRD penetMtions, i instrumentation nozzles and recirculation i internal pump penetration welds, for ;
performance of the visual examinations. !
Access must be provided for examination !
of the attachment weld between the !
support skirt knuckle (forged integrally on the shell ring) and the RPV support skirt. ;
Access must be provided to the balance of .!
the support skirt for performance of visual j g '
examination. l 5n ,t s
s m-
ABWR 0: sign D:cument 6:
V Figure 2.1.1 REACTOR PRESSURE VESSEL SYSTEM KEY FEATURES VfBRATION --
INSTRUMENTATION J
CLOSURE HEAD > l STEAM FLOW RESTRICTOR STEAM DRYE -
t___ l __ g -
g -
3 STEAM OUTLET STEAM SEPARATOR ,
L
"~ d SHROUD HEAD
. LOW PRESSURE FLOODING SPARGER ) '
,wnu ,
,,, , e g'~' FEEDWATER SPARGER
, y SHUTDOWN COOLING INLET i t
> f # HPCFINLET w u
, #u u HPCF COUPLING
{
.'P HIGH PRESSURE COR CONTROL ROD II I
FLOOD lNG SPARGER -
l
- y CORE PLATE TOP GUIDE Ij /
SURVEILLANCE # # t }l 1 ,/ SHROUD SPECIMEN HOLDER I 11 f - PERIPHERAL FUEL ORIFICED FUEL SUPPORN , lll p SUPPORT L h CORE PLATE DP LINE
( '
- (NOT SHOWN) ATTACHED I 4- TO SHROUD AND SHROUD RPV SUPPORT SKIRT ec:x -
SUPPORT LEGS ANCHOR BOLT # p yl ,
N IN-CORE GUIDETUBE AND STABILIZERS CONTROL ROD GUIDE TUBE _. ,_
ac= ,p i l SHROUD SUPPORT INSULATIOP kh y6' l RIP RESTRAINT "" l t REACTOR INTERNAL N"3 L J i
' ' PUMP CASING CRD HOUSING g; 3 ;g IN CORE HOUSING CRD RESTRAINT BEAM' (h
%)
2.1.1 -~12- 1/17/92
. _ , _ . _ - . _ . - , , , ,.. . . _ _ _ . . _. _ . . . , , . .. _ . ~
ABWR oesign Document O 2.2.4 Standby Liquid Control System The standby liquid control system (SLCS) is design to inject neutron absorbing poison using a boron solution into the reactor and thus proside back-up reactor shutdown capability independent of the normal reactisity control system based on insertion of control rods into the core. The system is capable of operation over a wide range of reactor pressure conditions up to and including the elevated pressures associated with an anticipated plant transient coupled with a failure to scram (ATWS).
The standby liquid control system (SLCS) is designed to proside the capability of bringing the reactor, at any time in a cycle, from full power and at all conditions to a subcritical condition with the reactor in the most reactive xenon-free state without control rod movement. f The SLCS consists of a boron solution storage tank, two positive displacement pumps, two motor operated injection valves which are provided in parallel for ,
redundancy and associated piping and valves used to transfer borated water from the storage tank to the reactor pressure vessel (RPV). The borated solution is discharged through the 'lY high pressure core Dooder (HPCF) subsystem sparger. Figure 2.2.4 shows major system components. Key equipment performance requirements are:
- a. Pump flow 100 gpm with both pumps running
- a. Maximum reactor pressure 1250 psig (for injection)
- a. Pumpable volume in 6100 U.S. gal storage tank (minimum)
The required volume of solution contained in the storage tank is dependent upon the solution concemmt ion and this concentration can vary during reactor operations. A required boren solution volume / concentration relationship is used to define acceptable SIES storage tank conditions during plant operation.
The SLCSis automaticallyinitiated duriag an ATWS or can be manually initiated from the main control room. When the SLCS is automatically initiated to inject i liquid neutron absorber into the reactor, the following devices are actuated:
- a. the two injection valves are opene'.;
- b. We two storage tank discharge v;dves are opened; the two injection pumps are started; and
} c.
- d. the reactm water cleanup isolat.on v;dves are closed.
2.2.4 1/17/92
- - .~. _
ABWR oesign 0:cument When the SLCS is manually initiated to inject a liquid neutron absorber into the reactor, the follouing devices are actuated by each switch:
- a. one of the two injection vahes is opened; h one of the two storage tank discharge vahes is opened;
- c. one of the two injection pumpr. is started; and
- d. one of the reactor water cleanup isolation valves is closed.
The SLCS provides borated water to the reactor core to compensate for the various reacthity effects during the required conditions. These effects include xenon decay, elimination of steam voids, changing water density due to the reduction in water temperature, Doppler efTect in uranium, changes in neutron leakage and changes in control rod worth as boron affects neutron migration length. To meet this objective, it is necessary to inject a quantity of boron which produces a minimum concentration of 850 ppm of natural boron in the reactor core at 70'F. To allow for potentialleakage and imperfect mixing in the reactor system, an additional 25% (220) is added to the above requirement. The required concentration is achieved accounting for dilution in the RPV with a normal water level and including the volume in the residual heat removal (J shutdown cooling piping. This quantity of boron solution is the amount which is above the pump suction shutofTlevelin the tank thus allowing for the portion of the tank volume which cannot be injected.
The pumps are capable of producing discharge pressure to iniect the solution into the reactor when the reactor is at high pressure conditions corresponding to the system relief valve actuation.
The SLCS includes sufficient Control Room indication to allow for the necessary monitoring and control during design basis operational conditions. This includes pump discharge pressure, storage tank liquid Icvel and temperature as well as valve open/close and pump on/offindication for those components shown on Figure 2.2A (with the exception of the simple check valves).
The SLCS uses a dissolved solution of sodium pentaborate as the neutron-absorbing poison. This solution is held in a storage tank which has a heater to maintain solution temperature above the saturation temperature. The heater is capable of automatic operation and automatic shutofT to maintain an acceptable solution temperature. The SLCS solution tank, a test water tank. the two positive displacement pumps, and associated vahing is located in the secondary containment on the floor elevation below the operating floor. This is a Seismic Category I structure, and the SLCS equipment is protected from phenomena g) 1 such as carthquakes, tornados, hurricanes and floods as well as from internal postu:ated accident phenomena. In this area, the SLCS is not subject to conditions such as missiles, pipe whip, and discharging fluids.
2.2.4 1/17/92
ABWR 0: sign 0: cum:nt
. ,a The pumps, heater, valves and controls are powered from the standby power supply or normal ofTsite power. The pumps and valves are powered and controlled from separate buses and circuits so that single active failure will not prevent system operation. The power supplied to one motor operated injection valve, storage tank discharge valve, and injection pump is powered from Division I,480 VAC. The power supply to the other motor-operated injection valve, storage tank outlet valve, and injection pump is powered from Division 11, 480 VAC. The power supply to the tank heaters and heater wntrols is connectahic to a standby power source. The standby power r.ource is Class 1E from an on-site source and is independent of the off-site power.
All components of the system which are required for injection of the neutron absorber into the reactor are classified Seismic Category I. All major mechanical components are designed to meet ASME Code requirements as shown below.
ASME Design Conditions Camoonent Code Class Pressure Iempamlute Storago Tank 2 Static Head 150*F Pump 2 1560 psig 150'F n
( ) Injection Valves 1 1560 psig 150*F v
Piping Inboard of 1 1250 psig 575*F Injection Valves Design provisions to permit system testing include a test tank and associated piping and v;dves. The tank can be supplied with demmeralized water which can be pumped in a closed loop through either pump or injected into the reactor.
The SLCS is separated both physically and electrically fr om the control rod drive system.
Inspection, Test, Analyses and Acceptance Criteria Table 2.2.4 provides a definition of the inspections, tests, and/or analyses together with associated acceptance criteria which will he undertaken for the SLCS.
/
2.2.4 1/17/92
O (*3 v (J%
V Table 2.2.4: STANDBY LIQUID CONTROL SYSTEM
{
Inspections, Tests, Analyses and Acceptance Criteria inspections, Tests, Analysns Acceptance Criteria Certified Design Ccmmitment
- 1. Construction records, revisions and plant 1. It must be shown the SLCS can achieve a
- 1. The minimum average poison poison concentration of 850 ppm or greater concentration in the reactor after operation visual examinations will be undertaken to assess as-built parameters listed below for assuming a 25% dilution due to non-of the SLCS shall be equal to or greater rniform mixing in the reactor and than 850 ppm. compatibility with SLCS design calculations. If necessary, an as-built SLCS accounting for dilution in the RHR analysis will be conducted to demonstrate shutdown cooling systerrs. This the acceptance critena is met. concentration must be achieved under system design basis conditions.
Critical Parameters:
This requires that SLCS meet the following i
- a. Storage tank pumpable volume values:
RPV water inventory at 70'F Storage tank pumpable volume range b.
6100-6800 gal.
- c. RHR shutdown cooling system water inventory at 70cF RPV water inventory 5 1.00 x 106fb h RHR shutdown cooling system inventory s .287 x 10 6 lb Inspections of insta!!ation records together 2. The system configuration is in accordance
- 2. A simplified system configuration in 2.
with plant walkdowns will be conducted to with Figure 2.2.4.
shown in Figure 2.2.4.
confirm that the iiistalled equipment is in compliance with the design configuration defined in Figure 2.2.4.
5 5
w
. . . . ~ , . . . . . . ,
- g. n p.
ta. Table 2.2.'4: ISTANDBY LIQUID CONTROL SYSTEM (Continued)
Inspections, Tests, Analyses and Acceptance Critoria
" Certified Design Commitment - Inspections, Tests, Analyses Acceptance Criteria
- 3. ' SLCS shall be capable of delivering'100 3. System preoperation tests w:ll be 3. !t must be shown that the SLCS can -
gpm of solution with both pumps ' conducted to demonstrate acceptable ' automatically inject 100 gpm (both pumps
. operating against the elevated pressure pump and system performance. These running) against a reactor pressure of 1250 -
conditions which can exist in the reactor tests will involsa establishing test ,
psig with simmutated ATWS conditions. It ~
during events involving SLCS initiation. conditions that simulate conditions which must also be shown that the SLCS pumps -
will exist during an SLCS design basis can pump the entire storage tank event. To demonstrate adequate Net pumpable volume.
Positive Suction Head (NPSH). delivery of l rated flow will be confirmed by tests i conducted at conditions of low level and
- maximum temperature in the storage tank. -
i and the water will be injected from the storage tank to the RPV.
- 4. The system is designed to permit in-service 4. Field tests will be conducted after system 4. Using normally installed controls, power functional testmg of SLCS. installation to confirm, in-service system supplies and other auxiliaries, the system y testing can be performed. has the capability to-
- a. Pump tests in a closed loop on the test
-tank and
- b. Reactor pressure vessel injection tests using demineralized water from the test tank.
- 5. The pump, heater, valves and controls can 5. System tests will be conducted after 5. The installed equipment can be powered be powered from the standby AC power installation to confirm that the electrical from the staadby AC power supply.
supply as described in Section 2.2.4? power supply configurations are in compliance with design commitments.
- 6. All SLCS components which are required 6. See Generic Equipment Qualification 6. See Generic Equipment Qualif; cation for the injection of the neutron absorber verification activities (ITA). Acceptance Criteria (AC).
into the reactor are classified Seismic Category I and qualified for appropriate environment for locations where installei 4
3
.5 m-I
" Y
.W%-
(d V V e Figure 2.2 4 STANDBY LIQUID CONTROL SYSTEM (STANDBY MODE) 9 s
VENT m
PRIMAHY CONTAINMENT STORAGE TANK TE A L
'H SAMPLING n n L L SYSTEM HEATER I I
,__ __y i I
--A-- ------ HPCF *B' 8 8 SUCTION VALVES M M (WITH POSITION
, , INDICATION)
_ _ia. _ _ ._ _ __i a , ,so, CODE CLASS r--%
p' - - - - - - - - - - --I- - - -[- - - - j_ _ _ 3 1g l T T ! ',
h _ _ INJECTION __- I I I
- VALVES ; PUMPS I l l (WITH POSITION , g i i g 1NDICAT OM i _ _ _ _.I L___1 1 M M -
I I '
L _ _ _ Q _ _ _ _ _ Q - _ _ _I I ' y t_____
L---- i r ---- ' ASME l l l CODE CLASS 2 I p
i ,
TANK i
_ _s u
ABWR 0: sign 0:cument
')
2.2,7 Reactor Protection System The reactor protection system (RPS) for the Advanced lloiling Wate Reactor (AllWR) is a warning and trip system where initial warning and trip decisions are implemented with software logic installed in microprocessors. The primary functions of this system are to: (1) make the logic decisions related to warning and trip conditions of the individualinstrument channels, and (2) make the decision for system trip (emergency reactor shutdown) based on coincidence of ;
instrument channel trip conditions.
The RPS is classined as a safety protection system (i.e., as differing from a reactor control system or a power generation system). All functions of the RPS and the components of the system are safety-related. The RPS and the electrical equipment of the system are also classi6cd as Safety Class 3, Seismic Category I and as IEEE electrical category Class 1E.
Ilasic System Parameters are:
- a. Number ofindependent divisions of equipment 4
- b. Minimum number of sensors per trip variable 4 (at least one per division)
+n 1
- c. Number of automatic trip systems (one per division) 4
- d. Automatic trip logic used for plant sensor inputs 2<mt of4 (per division)
- c. Separate automatic tiip logie used for division 2-ou t-of-4 trip outputs
- f. Number of separate manual trip systems 2
- g. Manual trip logic 2-outef-2 The RPS consists ofinstrument channels, trip logics, trip actuators, manual controls and scram logic circuiuy that initiates rapid insertion of control rods (scram) to shut down the reactor for situations that could result in unsafe reactor operating conditions. The RPS also establishes the required trip conditions that are appropriate for the difTerent reactor operating modes and provides status and control signals to other systems and annunciators. The RPS related equipment includes detectors, switches, microprocessors, solid-state logic circuits, relay type contactors, relays, solid-state had drivers, lamps, displays, signal transmission routes, circuits and other equipment which are required to execute the functions of the system. To accomplish its overall O'-
function, the RPS utilizes the functions of the essential multiplexing system (EMS) and of portions of the safety system logic and control (SSI.C) system.
2.2.7 1/17/92
ABWR Design Document O As shown in Figure 2.2.7a, the RPS inter faces with the neutron monitoring system (Nh1S), the process radiation monitoring (PRRhi) system, the nuclear boiler system (Nils), the control rod drive (CRD) system, the rod control and information system (RC&lS), the recirculation flow control (RFC) system, the process computer system and with other plant systems and equipment. RPS components and equipment are separated or segiegated from process control system sensors, circuits and functions such as to minimize control and protection system interactions. Any necessary interlocks from the RPS to control systems are through isolation desices.
The RPS is a four division system which is designed to provide r#able single-failure pioof capability to automatically or manually initiate a reactor scram while maintaining protection against unnecessary scrams resulting from single failures in the RPS. The RPS remains single-failure proof even when one entire division of channel sensors is bypassed and/or when one of the four automatic RPS trip logic systems is out-of-senice. All equipment within the RPS is designed to fail into a trip initiating state or other safe state on loss of power or input signals or disconnection of portions of the system. The system also includes trip bypasses and isola;ed outputs for display, annunciation or performance monitoring. RPS inputs to annunciators, recorders and the computer are 7
electrically isolated so that no malfunction of the annunciatmg, recording, or
![- . computing equipment can functionally disable any portion of the RPS. The RPS related equipment is disided into four redundant disisions of sensor (instrument) channels, trip logics and trip actuators, and two divisions of manual scram controls and scram logic circuitry. The automatic and manual scram initiation logic systems are independent of each other and use diverse methods and equipment to initiate a reactor scram. The RPS design is such that, once a full reactor scram has been initiated automatically or manually, this scram condition seals-in such that the intended fast insertion of all control rods into the reactor core can continue to completion. After a time delay, deliberate operator action is required to return the RPS to normal.
Figure 2.2.7b shows the RPS divisional separation aspects and the signal flow paths from sensors to scram pilot valve solenoids. Equipment within a RPS related sensor channel consists of sensors (transducers or switches),
muhiplexers and dir, ital trip modules (DTAts). The sensors within each channel monitor for abnormal openting conditions and send either discrete histable (trip /no trip) or analog signals directly to the RPS related DT.1\ or else send analog output signals to the RPS related DTN1 by means of the remote muhiplexa ait (Rh1U) within the associated division of essential multiplexing system (E' bi. The RPS related histable switch type sensors, or,in the case of analog channels, the RPS software logic, will initiate reactor trip signals within the individual sensor channels, when any one or more of the conditions listed v below exist within the plant during different conditions of reactor operation, and will initiate reactor scram if coincidence logic is satisfied.
- a. Turbine Stop Vahes Closure (above 40% power levels) [RPS) 2.2.7 1/17/92
A8WR oesign occument lO h. Turbine Control Valves Fast Closure (above 40% power levels) (RPS]
- c. NMS monitored SRNM and APRM conditions exceed acceptable limits
[NMS)
- d. High Main Steam 1.ine Radiation [PRRM System]
- c. High Reactor Pressure (Nils)
- f. Low Reactor Water Level (Level 3) (Nils)
- g. High Dr)well Pressure { Nils)
- h. Main Steam Lines isolation (MSLI) (Run mode only) [NBS)
- i. Low Control Rod Drive Accumulator Charging Header Pressure [CRD]
- j. Operator-initiated Manual Scram [RPS]
The system monitoring the process condition is indicated in brackets in the list above. The RPS outputs, the NMS outputs, the PRRM system outputs and the MSLI and manual scram outputs are provided directly to the RPS by hard-wired O -c tiber-optic eianais. The xBS aud the CRD sv, tem provide other sen,or outputs brough the 131S. Analog to digital conversion of these lattu sensor output values is done by EMS equipment. The DTM in each division uses either the discrete histable input signals, or compares the current values of the individual monitored analog vanables with their trip setpoint values, and for each variable sends a separate, discrete bistable (trip /no trip) output signal to the trip logic units (TLUs) in all four divisions of trip logics. The DTMs and TI,Us utilized by the RPS are microprocessor components within the SSLC sys u m .
RPS related equipment within a RPS division of trip logic consists of manual control switches, bypass units (BPUs), trip logic units (TLUs) and output logic '
units (OLUs). The manual control switches and the BPUs,TLUs and OLUs are components of the RPL portions of the SSLC system. The various manual switches provuie the operator means to modify the RPS trip logic for special operation, maintenance, testing and system reset. The bypass units perform bypass and interlock logic for the single division of channel sensors bypass function and for the single division TLU bypass function. The TLUs perform the automatic scram initiation logic, normally checking for two-out-of-four coincidence of trip conditions in any set ofinstrument channel signals coming from the four division DTMs or from isolated histable inputs from all four divisions of NMS equipment, and outputting a trip signal if any one of the two-O out-of.rour coincidence chect is atisried. TLU trie decision ioaic in aii four RPS TLUs becomes a check for two-out-of-three ccincidence of trip conditions if any one division of channel sensors has been bypassed. The OLUs perform the division trip, seJ-in, reset and trip test functions. Trip signals from the OLUs within a single division are used to ' rip the trip actuators, which are fast response, 2.2.7 1/17/92
ABWR oesign occument histable, solid-state load drivers fbr automatic scram initiation, and are trip relays for air header dump (back-up scram) initiation, l oad driver outputs toggled by a division 01 U interconnect uith load driver outputs toggled by other division OLUs into two separate arrangements which results in two<mt-of four scram logic,i.e., reactor scram will occur ifload drivers associated uith any two or more divisions receive trip signals.
The isolated ac load drivers are fast response time, bistable, solid-state, high current interrupting devices. The operation of the load drivers is such that a trip signal on the input side will create a high impedance, cunent interrupting condition on the output side. The output side of each load drivet is electrically isolated from its input signal. The load driver outputs are arranged in the scram logic circuitry, between the scram pilot valves' solenoids and the solenoids ac power source, such that when in a tripped state the load drivers will cause deenergization of the scram pilot vatee solenoids (scram initiation). Normally closed relay contacts are arranged in the two back-up scram logic circuits, between the air header dump valve soienoid and air header dump valve de solenoid power source, such that when in a tripped state (coil deenergized) the relays will cause energization of the air header dump valve solenoids (air header dump initiation). Associated de voltage relay logic is also utilized to efTect scram reset permissives and scram follow (control rod run-in) initiation.
O The RPS design for the AllWR is testable for correct response and performance, in over-lapping stages, either on-line or oft-line (to minimize potential of unwanted trips). Access to bypass capabilities of trip functions, instrument channels or a trip system and access to setpoints, calibration controls and test points are designed to be under administrative control.
Inspection, Test, Analyses and Acceptance Criteria Table 2.2.'t provides a definition of the visual inspections, tests and/or analyses, together with associated acceptance criteria, which will be used by the RPS.
O 1,
2.2.7 1/17/92
y . Table _2.2.7: .. REACTOR PROTECTION SYSTEM -
a
- Inspections, Tests, Analyses and Acceptance Criteria Certified Design Commitment inspections, Tests, Analyses Acceptance Criteria ,
, 1. RPS safety-related software, which is - 1.- See Generic Software Development 1. See Generic Software Development utilized in effecting individual sensor - verification activities (ITA). ' Acceptance Criteria (AC).
channel trip decisions and trip system ~
coincidence trip decisions, has been
' developed and verified, the firmware implemented and validated and then integrated with hardware; all according to a formal documented plan.
- 2. Certain process signals utilized by the RPS 2. See the Essential Multiplexing System 2. See the Essential Multiplexing System are transmitted to RPS sensor channel . verification activities (ITA). Acceptance Criteria (AC).
signal processing equipment by means of four separate divisions of Essential !
Multiplexing System equipment.
- 3. Critical parameter trip setpoints are based 3. See Generic Setpoint Methodology 3. See Generic Setpoint Methodology
, upon values used in analyses of abnormal verification activities (ITA). Acceptance Criteria (AC).
T operational occurrences. . Documented instrument setpoint methodology has been ,
used to account for uncertainties (such as instrument inaccuracies and drift) in order ;
to establish RPS related setpoints. H
- 4. RPS equipment is designed to be protected 4. See Generic EMI/SWC Oualification '4 See Generic EMI/SWC Oualification ;
from the effects of noise, such as verification activities (ITA). Acceptance Criteria (AC).
electromagnetic interference (EMI), and ,
has adequate surge withstand capability
' (SWC).
- 5. RPS equipment is qualified for seismic 5. See Generic Equipment Qualification 5. See Generic Equipment Qualification >
loads and appropriate environment for verification activities (ITA). Acceptance Criteria (AC).
locations where installed.
N w
h h h g Tat,le 2.2.7: iREACTOR PROTECTION SYSTEM (Continued)
-a inspections, Tests, Analyses and Acceptance Criteria -
Certified Design Commitment - Inspections, Tests,' Analyses ~ Acceptance Criteria .
- 6.- RPS components and equipment are kept - 6. Visual field inspections and analyses of ' 6. RPS equipment installation acceptable if separate from equipment associated with relationship of installed RPS equiprhent . inspections, analyses and/or tests confirm process control systems. and ofinstalled equipment of interfscinp that any failure in process control systems ;
~ocess control systems (and/or tests of can not prevent RPS safety functions.
interfaces) to confirm appropriate isolation methods used to satisfy separation and segregation requirements.
- 7. Fail-safe failure modes result upon loss of 7. Field tests to confirm that trip conditions 7. Acceptable if safe state conditions result a power or disconnection of components. and/or bypass inhibits result upon loss of upon loss of power or disconnedion of -
power or disconnection of components. - portions of the RPS.
- 8. Provisions exist to limit access to trip 8. Visual field inspections of the installed RPS 8. The RPS hardware /firmware will be.
setpcints, calibration controls and test equipment will be used to confirm the considered acceptable if appropriate points. existence of appropriate administrative methods exist to enforce administrative controls. control for access to sensitive areas.
, h 9. The four redundant divisions of RPS 9. Inspections of fabrication and installation 9. Installed RPS equipment will be equipment and the four automatic trip records and construction drawings or determined to conform to the documented systems are independent from each other visual field inspections of the installed RPS description of the design as depicted in except in the area of the required equipment will be used to confirm the Figure 2.2.7b.
coincidence of trip logic decisions and are quadruple redundancy of the RPS and the both electrically and physically separated - electrical and physical separation aspects from each other. Similarly,the two manual of the RPS instrument channels and the trip systems are separate and independent four automatic trip systems as well as their of each other and of the four automatic trip diversity and independance from the two j systemc . manual trip systems.
t N
w l
g - n- , ,. y y me
OL O O ,
y Table 2.2.7: REACTOR PROTECTION SYSTEM (Continued)
.q Inspections, Tests, Analyses and Acceptance Criteria ;
Certified Design Commitment inspections, Tests, Analyses Acceptai :e Criteria
- 10. It is possible to conduct verifications of 10. Preoperational tests will be conducted to 10. The installed reactor protection system RPS operations, both on-line and off-line, confirm that system testing such as configuration, controls, power sources by means of a)individualinstrument channel checks, channel functional tests, and installations of interfacing systems !
channel functional tests, b) trip system channel calibrations, coincident logic tests . supports the RPS logic system functional -
functional tests and c) total system - and paired control rods scram tests can be - testing and the operabilW verification of functional tests. performed. These tests will involve design as follows:
simulation of RPS testing modes of operation. Interlocks associated with the a. Installed RPS hardware /firmware'-
reactor mode s.vitch positions, and with initiates trip conditions in all four RPS :
other operational and maintenance automatic trip systems upon bypasses or test switches will be tested coincidence of trip conditions in two or and annunciation, display and logging more instrument channels associated functions will be confirmed. with the same trip variable (s).
- b. Installed system initiates full reactor trip and emergency shutdown (i.e., !
i h deenergization of both solenoids associated with all scram pilot valves) upon coincidence of trip conditions in l two or more of the four RPS automatic '
, trip systems. ,
- c. Installed system initiates trip .
conditions in both RPS manual trip systems if both manual trip switches are operated or if the reactor mode switch is placed in the " shutdown" ;
position. !
- d. Trip system (automatic and manual) ;
trip conditions seal-in and protective actions go to completion. Trip reset -
(aher appropricta delay for trip completion) requires deliberate Operator action. ,
5y m _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ _ _ . . _ _ _ . _ _ _ _ _ _ _ _ _
=; .
,<, *%, e d- (m.j; ,
Q g Table 2.2.7: ' REACTOR PROTECTION SYSTEM (Continued) '
x inspections, Tests, Analyses and Acceptance Cr;teria i .
Certified Design Commitment Insg4 ctions, Tests, Analyses '- Acceptance Criteria
- 10. (Continued)
the CRD hydraulic system, and initiates :-
' CRD motor run-in, concurrent only with a full scrom condition.
- f. When not bypassed, trips result upon loss or disconnection of portions of the l system. When bypassed, inappropriate trips do not result.
- g. Installed system provides isolated
, status and control signals to data logging, display and annunciator h systems.
- h. Installed system demonstrates operational interlocks (i.e., trip inhibits -
or permissives) required for different cenditior.s of reactor operation.-
'l 1
N w
,m N-Q -hm b'
- g. Tatde 2.2.7: REACTOR PROTECTION . SYSTEM iContinued) 4 .
r inspections. Tests, Analyses and Acceptance Criteria Certdied De'4rn Commitment inspections, Tests. Analyses 4cceptanca Criteria
- 11. The RPS desig7 provides prompt 11. Preoperationa! tests will be condad to. 11 The RPS hardware /firmware respc,nse to protection against the onset and measure the RPS and supporting systems initiate reactorscram wit! be consioered consequences of events or conditions that : response times to: (1) monitor the varittion . acceptable if such response is threaten the integrity of the fuel barrier. of the selec>ed processes;(2) detect when 'cemonstrated to be sufficient to assure trip setpois have been exceeded; andd3) ' that the specified acceptable fuel design execute the subsequent protection actions - limits are not 6xceeded.
- - when coincidence of trip conditions exst.
Validotion Attritwtes-i Total trip system response, from time when
- i. sensor input is beyond setpoint to time of scram pilot valve soienoids deenergization: .
- NMS APRM s 0.090 sec.
- Reactor pressure s 0.55 sec.
t' Reactor water levet s 1.05 sec.
/p -
Turbine stop valve s 0.060 sec.
- closure l
- Turbine control valve r 0.080 sec.
fast closure Main steam lines 5 0.060 sec.
i- isclation r
l i
t b
,y
{
=
i ..
l 1
. - , , ,,,s - .,. . , . - - - . ~ , , = . -, s .8 .. -, .w.. ., , . , . . . - - - , . . - - , . = . , ~,-v ~
a , - . ... . . .. . ~ . - , - . . _c- ..--e-..._.-
( .
(nv)
N Figure 2 2.7a REACTOR PROTECTION SYSTEM N
=4 LOCAL AREA APN Nmmm Ma t%mcaw MAIN CONTROL ROOM PLANT SENSORS cs1 C n= R d ase RPS LOGIC & CONTROL NMS mop C71 C71 Pypassed (nts t sp g C71 , C71 C71 C71 RPS RPS SFNtu m num p **S "'S **S **S Header 1rp Reactor Short Penod Manual Osr T@ MANUAL MANUAL Pawed %
uoe. B e ss assues Wop wei SCRAu SCRAu Scram Te=1 Swech Careefs , i,, Ht t Beassmf tne8 trt**d! saaM ead r***r A ! 9 Swe:t**
W~T h h }MF " Y PRRM MSL m -
try asputs C71
- Htt RSS I
< 1r 1r m er r
SSLC RPS LOG 1C PERFORMS: p 7
AS - S~-or C- Tm o---
-Symam Connodance Tm Dacrsert y or F
u
("C'"'7 2
3S - C-~ and - to9c
"*I*
5 C
C12 CR0 HCu Accumutarar
<CRD Charyno Header % E 2L - Se==r g_ , e"U DrywaR Pmssure m H23 M -
C -Ca+.ra,rm Saw o- u Scram I%x Vahe d Ld L B21 Paador Nar Le L-*' b - + &w W h &
NsS . "anc WWJ'~ew:r-------- + _
C70 RPS LOGIC ,a, rt m AC Bwd s MS1V Non S=*(**s 2 il'~
REACTOR UTM
' Acuarers h5r Saam Air PROTENN RU j h* g%
SYSTEM OLU
-
- h Dump Valves = -
C71 Tutuna HTS Oil Pressts. Norntow fD'T U' t'T DC * *' 8 Tu'tzne 1st Stage Pressura
! I hJLJL (
RPS pesumme sa,stnic AdW I 9C SSLC Logat Proc *SS89 Processmg y e?Tment ter Other r '
locatad Safar; Syssams D h h#M t wt H11 ; ,RC&fS fCw9m8 Rod hint ;
GLOSSARY-APRM - Averaga Pt wer Range Manstor CRO - Contre 4 Rod Dewe WEUvmW SIGNN. TRANSFER 7 M N* CONCINE LE C EOC - Endof Cytte g EMS - Esseremi MuRcdesng Sys!*m "
HCU - Hy+aulN: ConPol Urut Rod Weerawai CDotA W%we Gypass Swect For CRO " *C " N' C11 RCIS HTS - Hydraubc Tm Syssam Haeder low Pr=ssure T:v as n "Bytxessi $Nueen MCRP - Man Control 'loorre Pare t
R46 *
, % g, g, yg C31 RFC hab. Flow Coreet Syssem - EOC RPT Command < saps &ae m ;
MSL - Mart Steam Line C91 Process Cermtrer - Cpmaror Demsays. Data Loggme r g , ,,
esBS - Nuclear Boner System M11 MCRP-1 Coreof Comrtan - Cbarator Dectays. Annuncusare cuaa g r75 voci NMS - heutron Morwarry System w PRRM - Process Raderen Monsortng Syssam R42 surs s=== w measw.
RC&r5 Rod CortPol & 1rtformaron System G*'***"**""'"
RFC - Rateen now Corces Sysram h*
RPS - Reactor Prenaden System eayjggygny [g y'qiggf fgy Q,,gg G fgggy gj,-jginggg ee RPT - Racwculahor Parnp Tm SRfes - Sta4up Range Neeston Monsor t'* SSLC - Satery Systemlogic & Cor*ot U UPS - Unentem.ctible P&ser Sar#y
- a
ABWR Design 0: cum:nt O Tigure 2.2.7b REACTOR PROTECTION SYSTEr.
Division 1 Division 2 Division 3 Division 4 Sensor Sento J,ensor 3ensor A . B C D 1 i i i i I i 1 Division 1 Haceway Division 2 Raceway Divis60n 3 Haceway Division 4 Racewa)
DTM DTM DTM DTM A B C D qu.u. c,> q u. 9 q .-> . . > , >
~ . '; ~- ,-:::
x p;dx ,
' y %s ,'~'
- .d
( *" s ~? 's
/ , . ,
. (
/ / *, s "s s (Y s's .~ ,' s ' r i 1
( ,_
i i I i i Divi' ion 1 hact way Dtvia ion 2Ilacoway Divia ion 3 hac< way Divis 'on 4 i' acoway TLU A TLU B TLU C TLU D l oLU A I I OLU 3 l I OLU C l l OLU D l Q ,
' I f"l Fiberoptic I cable - - -
i l iI I I l RPS G2 l !
l RPS-G1 i I
I l l RPS G3 l RPS G4l l Raceways, 4 l l l l l l,i . , l l l l l Output Output l Same l Same l Same l l Circuit Circuit l as G1 l as G1 l as G1 l Group 1 (A) Group 1 (B) g l l l l l Div. 2 Div. 3 l l l l
! l l l 1 Solenoid A golenoid l l ++-- "
l vent ;
(Manual trip or test logic interf aces not shown) inst. Air h, q~. .
To scran,
! Exhaust M Yl - -P i valve 2.2.7 1/17/92
ABWR onion Document 2.4.1 Residual Heat Removal (RHR) System Design Description The RilR system is comprised of three dhisionally separate subsystems that perform a variety of functions utilizing the lbliowing six hasic modes of operation: (1) shutdown cooling, (2) suppression pool cooling, (3) wetwell and dr>well spray cooling, (4) low pressure core flooder (1.PFl.), (5) fuel pool cooling, and (0) AC independent water addition. The configuration of each loop is shown on its P&lD in Figure 2.4.1 (aligned in the standby mode). The major functions of the various modes of operation include containment heat removal, reactor decay heat temoval, emergency teactor vessel level makeup and augmented fuel pool cooling. In line with its given functions, portions of the system are a part of the ECCS network and the containment cooling system.
Additionally, portions of the RilR system are considered a part of the reactor
, coolant pressure boundan;(RCPil).
The entire RilR system is designed to safety related standards although it ,
performs some no afety functions,i.e. those that are not taken credit forwhen !
evaluating design basis accidents. The safety related modes of operation include '
low pressure flooding, suppression pool cooling, wetwell spray cooling and shutdown cooling. Non-safety related mode of operation include drywell spray ;
' cooling, AC inglependent water addition ai gmented fuel pool cooling.
RHR also prmides a '.ack up, safety related fuci pool make-up capability.
Ancilhuy modes of operation include minimum flow hypass and full flow testing.
The ECCS function of the RilR system is performed by the 1.Pfl mode.
Following receipt of a 1.OCA signal (low reactor water level or high dr>well !
I pressure) the RilR system automatically initiates and operates in the 1.PFl.
mode,in conjunction with the remainder of the ECCS network, to prmide emergency makeup to the reactor vessel in order m keep the reactor core cooled such that the cdteria of10 CFR 50.46 are met. The 1.PFL mode is accomplished by all 3 loops of the RHR system by transferring water from the suppression pool to the RP% via the RilR heat exchangers. The 1.PFL mode is the only automatically initiated mode of RHR, but may also be initiated manually. The system will also automatically revert to the I.Pfl. mode of operation from any l other test or operating mode upon receipt of a 1.OCA signal. Each RHR loop's
_ RPV injection valve requires a low reactor pressure ti ermissive signal whether being opened manually or automatically in response to a LOCA signal.
The containment heat removal function in the AllWR is performed by the containment cooling system which is comprised of the low pressure core flooder (LPFL), suppression pool cooling, and wetwell and dowell spray cooling modes ,
of the RHR system. Following a LOCA the energy present within the reactor primary system is dumped either directly to the suppression pool via the SRVs, or indirectly via the dnwell and connecting vents. Subsequently, fission product decay heat continues to add energy to the pool. The containment cooling system is designed to limit the long-term hulk temperature of the suppression 2A1 1/17/92
ABWR Design 0:cument o
k) pool, and thus limit the long term peak temperatutes and pressuies uithin the wetwell ami di)well regions of the containment to within their analyicd design limits, with only 2 of the 3 loops in operation (i.e. worse case single faihue). The cooling requirements of the containment cooling function establish the necessary RilR heat exchanger heat removal capacity.
The 1.PFl. mode, along with its primary function of cooling the cor e, also serves to cool the containmer. as the heat exchanger is designed to always he in the loop. The dedicated suppression pool cooling nuxle is made available in each of the 3 loops of the RilR system by circulating suppression pool water through the respective RilR heat exchanger and then directly back to the suppiession pool. This mode of RilR is initiated manually. The wetwell and drywell spray modes of RilR are each available in only 2 of the 3 subsystems (loops 11 & C).
These functions are performed by drawing water from the suppression pool and delivering it to a conunon wetwell spray header and/or a conunon drywell spray header, both via the associated RiiR heat exchanger (s). These contaimnent spray modes of the RilR system are initiated manually. Ilowever, the dr>well spray inlet valves can only he opened if there exists high drywell pressure and the RPV injection valves are fully closed. Wetwell and drywell sprays serve as an augmented method of containment cooling. Wetwell spray also senes to g mitigate the consequences of steam hypassing the suppression pool.
V The normal operational mode of the RHR system is in the shutdown cooling mode of operation which is used to remove decay heat from the reactor core.
This nmde prmides the required safety related capability needed to achieve and maintain a cold shWJown condition, including conside:ation of the worst case system single failure. The RilR heat exchanger heat removal capacity requirements in this mode are bounded by containment cooling requirements.
Shutdown cooling is initiated manually once the RPV has been depressurized below the system low pressme permissive in this moos each loop takes suction from the RPV via its dedicated suction line, pumps the water through its respective heat exchanger and returns the cooled water to the RPV. Two loops (11 & C) dischargt water hack to the RPV sia dedicated spargers while the third loop (A) utilizes the vessel spargers of one of the two feedwater lines (FWLA).
The heat removed in the RHR heat exchangers is transported to the ultimate heat sink via the respective division of reactor cooling water and senice water.
Each shutdown cooling suction valve is interlocked with that loop's suppression pool suction and discharge valves and wetwell spray valve to prevent draining of the reactor vessel to the suppression pool. Also, each shutdou n cooling suction valve is interlocked with and automatically closes on low reactor water level.
The augmented fuel pool cooling mode of RHf wpplements/ replaces the normal fuel pool cooling system during infrequem conditions of high heat load.
(g) This mode is accomplished manually in one of two ways. When the reactor vessel head is removed, th cavity flooded and the fuel pool gates removed, the RUR system cools the fuel poolin the normal shutdown cooling mode. When the fuel poolis othenvise isolated from the reactor cavity, two loops (Il & C) of the RHR system can directly cool the pool by taking suction from and discharging back to 2.4.1 1/17/92
ABWR oesion Document G
V the normal fuel pool cooling system. This (onnection also pimides foi emergency fuel pool make-up capability by supplying a saleiv related make-up path to the fuel pool from a safety related somcc, i.e. the suppression pool.
One loop (C) of the RI1R system also functions in an AC independent water addition imnic. This mode prmides a means of cross connecting the reactor building fhe protection system header to the Rl1R systemjust outside containment in the absence of the normal ECCS netwmk and independent of the normal essential AC power distribution network.. The wnnection is accomplished by the manual opening of two in-sciics valves on the cross connection pipingjust upstream ofits tie-in to the notmal RilR piping. Fire protection system water can be directed to either the RPV or the drywell spray sparger by manual opening of the respective RI1R injection valve. The fire water is supplied via the system's reactor building distribution header by either the direct diesel driven fire pump or from an external source utilizing a dedicated connectionjust outside the reactor building.
Each lonp or RI1R also has both a minimum flow mode and a full flow test mode.
The minimum flow mode assmes that there is ptunp flow sufficient to keep the pump cool by opening a minimum flow valve that directs flow back to the suppression pool anytime the pump is running and the main discharge valve is h7 closed. Upon sensing that there is adequate flow in the pump main discharge line, the minimum flow valve is automatically closed. In the full flow test mode the system is essentially operated in the suppression pool cooling mode, drawing suction from and discharging back to the suppression pool.
The RilR system is comprised of three separate loops or subsystems, each of which includes a pump and a heat exchanger, takes suction from either the RPV or the suppression pool, and directs water back to either the RPV or the suppression imol. Two of the three loops can dive I a portion of the suppression pool return flow to a common wetwell spray sparger or direct the entire flow to a common drywell spray sparger. The divisional subsystems of the RI1R system are separated both mechanically and electrically as well as being physically located in different areas of the plant to address requirements pertaining to fire protection and other separation criteria. Each of the three subsystems is powered from a separate disisional power distribution bus that can be supplied from either an on-site or oIT-site source. Cooling water to each division of RilR equipment (heat exchanger as well as innup and motor coolers) is supplied by the respective division of the reactor cooling water (RCW) system. The RilR system also includes provisions for containment isolation and RCPil pressure isolation.
The RilR system will maintain the capability to perfbrm its intended safety O rei" icd f"nciton' ciiher ratiowinn e s>re shotde u earibu" ate or derina ihe environmental conditions imposed by a LOCA, and in c.ch case assuming the worst case single failure. The system will also acconunodate calculated movement and thermal stresses. The system is designed so that the pump 3 have sullicient NPSil available in all operating modes. The system can be powered 2.4.1 1/17/92
ABWR oesinn occwnent n
G fiom either normal olFsite sources oi by the emergency diesel generato s. The RilR system is Seismic Categmy I and is housed in the Seismic Category I reactor building to punide protection against totnados, Goods, and other natural phenomena.
The RilR pmnps are motoralriven centrifugal pumps capable of supplying at least 4200 ginn at 40 psid (diywell to RPV). The pumps are ASME Code Class 2 components with a design pressure of 500 psig and a design temperature of 360 'F. The pumps are interlocked fiom starting without an open suction path.
The RilR pumps are protected from possible pump run out conditions in all operating modes. The RilR heat exchangers are horizontal U tube / shell type siecd to provide a minimum clicctive heat removal capacity (K-cocDicient) of 195 litu/sec F. The primary and secondary sides of the heat exchangers are ASME Code Class 2 and 3, respectively. The primary side design temperature and pressure are 500 psig and 360 F, respectively. The secondaiy side design temperature and pressure are consistent with that of the RCW system. Each loop of RilR has its ownjockey pump to act as a keep fill system ihr that loop's pump discharge piping. Thejockey pumps are ASME Code Class 2.
The R1IR system piping and valves are ASME Code Class 1 or 2 as shown on the P&lD (Figures 2A.1). The design pressure and temperatur e of piping and valves O varice acre s th e ,rste m . r er ihat nirim a aiiach e d io th e a r v. h o m ih e n e v o ei to and including the outboard containtnent isolation valves, the design pressure and temperature are 1250 psb and 575 F, respectively. For other piping open to the contaiiunent atmosphere, out to and including the outboard containment isolation valves, the design pressure and temperature are 45 psig and 219 F, iespectively. For piping and vidves outside the containment isolation valves, the design pressure and temperature depends on whether it is located on the suction or discharge side of the main pump. Those portions on the suction side are rated at 200 psig and 360 F, while those portions on the discharge side are rated at 500 psig and 360 F, respectively. The low pressure portions of the shutdown cooling piping are proiccted from full reactor pressure by automatic pressure isolation valves that are interlocked with reactor pressure.1ligh reliability of this interlock is assured by utilizing 4 separate and disisionally independent pressure sensors in a 2-out-of-4 logic. Additionally,in-series inboard and outboard containment / pressure isolation valves in each loop are powered from separate electrical divisions. Relief valves are also provided for protection from overpressme.
The RHR system includes su0icient Control Room indication to allow for the necessary monitoring and control during design basis operational conditions.
This includes system Dows, temperatm es and pressures as well as valve open/
close and pump on/offindication for those instruments and components shown O on Fixures ea.i.e. h and c.with the exceptien of simpic chect vaives and overpressure relief valves (of the check valves shown only the testable check i v;dves downstream of each loop's RPV injection valve has control room status indication).
2.4.1 1/17/92
ABWR 0:sion 0:ccm:nt c \
'x_ )
Inspection, Test, Analyses and Acceptance Criteria 1his section jn<nities a (lefinition of the inspections, tests anti /or analyses together with associatc<l an eptance criteria which will be nnclet taken for the 111 lit systein, 1
. I i
I i
l l
l v
rh t
</
i 2.4.1 _p gjj g y
}
O O 0; y Table 2.4.1: RESIDUAL HEAT REMOVAL SYSTEM inspections, Tests, Analyses and Acceptance Criteria -
- Certified Design Commitment inspections. Tests. Analyses Acceptance Criteria
- 1. The configuration of the RHR system is 1. !nspections of the as-built RHR 1. Actual RHR system configuration, for those shown in Figures 2.4.1.a. b and c. configuration shall be performed. components shown. conforms with Figures 2.4.1.a. b and c.
- 2. The RHR system operates in the LPFL - 2. The ECCS LOCA performance analysis for 2. RHR system actuation and operation is mode as part of the overall ECCS network. assuring core cooling shaft be validated by consistent with the ECCS performance RHR system functional testing,inciuding . analysis as follows-i demonstration that the LPFL mode (of each j RHR loop)is capable of automatically a) RHR Pump Flow (at 40 psid) initiating and operating in response to i _2 4200 gpm j_ LOCA signal b) Trme to Rated Ficw l s 36 second,
- 3. The RHR system operates in the 3. The primary containment performance 3. RHR heat exchanger performance is
! suppression pool cooling mode to limit the analysis for long term peak pressure and consistent with the containment cooSng
. long term temperature and pressure of the temperature shall be validated by RHR - system anatysis as follows:
, ? containment under post-LOCA conditions. system functional testing demonstrating j- the required flowrate through the heat a) RHR Heat Exchanger effective heat i exchanger and by inspection of vendor test removal capability (K coeffcient) data and/or certifications confirming the _2195 Btu' sect.
j heat exchanger's effective heat removal j- capability. b) RHR Heat Exchangertube side flow I, 2 4200 gpm 4 4 A pcrtion of the RHR system return flow (in 4. RHR system functional tests shall be 4. . RHR ioops B F C each separately are loops B & C) can be diverted to the wetwell performed to demonstrate wetwell spray capable of providing wetwell spray firvr spray header. consistent with the suppresston pool flow capability.
bypass analysis as follows-i j a) Wetwell spray flow 2 500 gpm_
- 5. The RHR system operates in the shutdown 5. RHR system functional tests shall be 5. RHR system teach loop)is capable of
} cooling mode to terrove reactor core performed to demonstrate operation in the taking suction from and discharging back decay beat and bring the reactor to cold shutdown cooling mode of operation. to the reactor pressure vessel [ Heat shutdown conditions. exchanger heat removal capability in this mode is bounded by containment cooling
^
$ requ.rements -ITAAC # 31 w
h
!O O O r
Table 2.4.1: RESIDUAL HEAT REMOVAL SYSTEM (Continued) h inspections Tests Analyses and Acceptance Criteria Certified Design Commitment inspections Tests. Analyses Acceptance Criteria
' 6.; The RHR system (loops B & C) operates in 6. RHR system functional tests shall be 6. RHR system (loops B & C)is capable of the augmented fuel pool cooling mode to performed to demonstrate operation in the taking suct;on from and discharging back supply supplemental or rep!acement augmented fuel pool cooling mode of to the normal fuel pool cooling system.
cooling to the spent fuel storage pool operation. (Required cooling capability in this mode 4 under abnormal conditions. bounded by containment cooling requirements -ITAAC #31 j 7. The RHR system (loop C) provides an AC 7. RHR systems functional testing shall be 7. Flow capability exists for directing water independent water addition function. performed to demonstrate operation in the from the fire protection system to the RPV
, AC independent water addition mode of and drywell spray sparger, via the RHR
,. operation. system (loop C), without power being available f;om the essential AC distribution system.
l 8. The RHR system operates when powered 8. RHR system functional tests shall be 8. RHR system is capable of operating when from both normal off-site and emergency performed to demonstrate operation '. qen supplied by either power source.
, on-site sources. supplied by either normal off-site power or Y the emergency diesel generator (s).
- 9. If already operating in any other mode. the 9. Using simulated inputs, logic and 9. RHR logic functions as designed to RHR system automatically reverts to the functional testing shall be performed to automatically reconfigure tne system to LPFL mode in response to a LOCA signal. demonstrate the RHR systems ability to the LPFL mode of operation.
automatically revert to the LPFL moda from any other mode.
- 10. Pressure isolation valves are provided to 10. Using simulated inputs, logic and 10. Automatic isolation and interlock features protect low pressure RHR piping from functional testing shall be performed to function as designed to prevent possible 2 being subjected to excessively high reactor - . demonstrate operation of automatic overpressure conditions, pressure. isolation and interlock functions of pressure isolation valves. .
- 11. Each RHR loop operates automatically in a 11. Logic and functional testira shall be 11. RHR sys.am logic functions automatically minimum flew mode to protect the pump performed to demonstrate operation of Jie to assure a purnp minimum flow path i from overheating. minimum flow mode for each loop - exists and no deleterious affects are i dincluding extended minimum flow observed during extended operation in the operational ctenditions). minimum flow mode.
$ Y i O i, b
~
m - m. , - . . _ - - - . - - -.
. (~} {.
' ~
()
y ~ Table 2.4.1: RESIDUAL HEAT REMOVAL SYSTEM (Continued)
Inspections, Tests, Analyses and Acceptance Criteria
, Certified Design Commitment Ir.spections. Tests, Analyses Acceptance Criteria 1
.17. The RHR system automatically isolates 12. Using simulated input < iogic and valve 12. The shutdown cooling suction notation
. shutdown cooling suction valves to functional testing shatt . e conducted to ' valves automatically isolate on a low
- . prevent draining of the reactor vessel. demonstrate operation of the shutdown reactor water level signal.
cooling mode isolation function. =
' .n 13. RHR system valve interlocks prevent . 13. Using simulated inputs, logic and 13. RHR system valve interlock logic functions establishment of a drainage patl from the functional testing shall be conducted to to prevent possible RPV drain down.
g reactor vessel to the suppression pooi. . demonstrate operation of interlocking between RPV suction valves and other RHR valves providing potential flow paths to ;he suppression pool.
p 14. The drywell spray inlet valves can only be 14. Using simulated inputs, logic and 14. RHR drywell spray permissive logic opened if there exists high drywell functional testing shall be conducted to functions to prevent drywell spray inlet pressure and the RPV injection valves are demonstrate operation of drywell spray valves from opening in the absence of fully closed. permissive logic. either a high drywell pressure signal or a c g signalindicating RHR RPVinjection T valve (s) not fully closed.
1G. The RHR pumps are interlocked from 15. Logic tests shall be conducted to 15. An RHR pump start signal is not generated l
starting without an open suction path. demonstrate that the RHR purr.ps will not in the absence of :ndication of an open
, star'without an open suctit 1 path being suction path.
av. ' !e.
- 16. The RHR system utilizes jockey cumps (1 in 16. Functional tests will be performed to 16. Each jockey pump performs its keep fill i each loop)to keep the pump dscharge demonstrate the ability of the jockey pump function.
- lines filled. (in each loop) to keep its respective RHR
, pump disch3rge line fullwhile in the standby mode.
- 17. The RHR system full flow test mode allows 17. Functional tests will be performed to 17. Each RHR subsystem demonstrates full periodic demonstration of RHR capability demonstrate operation in the full flow test flow functional capability while during normal power operation. mode. approximating actual vessel injection conditions during operation in the full flow test mode.
1 18. The RHR pumps have sufficient NPSH 18. Actual system installation wi!! be 18. Minimum pump NPSH available, as l ,
. during all postulated operating conditions. inspected, and appropriate measurements determined based on as-built condmons.
[
'3 iB taken, to verify adequate pump NPSH. exceeds as-procured pump requirements.
4- m i , - - _ . . . -_ ._ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
l YL. Table 2.4.1: RESIDUAL HEAT RFMOVAL SYSTEM (Continued)
Inspections, Tests, Analyses and Acceptance Criteria Certified Design Commitment Inspections, Tests, Analyses Acceptance Critersa -t
- 19. RHR mechanical eq - mentis builtin- ' 19. Procurement records ar.d actual equipment 19. RHR equipment has appropriate ASME, '
accordance with ASME Code, Section !!! shall be inspected to verify applicable RHR Section !!!, Class 1,2 or 3 certifications in requirements. system components have been - ' accordance with its proper classification manufactured per the relevant ASME (as described in Section 2.4.1).
.;irements.
- 20. Control room indications are provided for xtions will be performed.to 20. The designated instrumentation is present certain RHR system parameters. .ify. presence of control room indication in the control room. ':
i _r the RHR system as described 2n 2.4.1. ,
, i
\ l' I
?
i i
d f i
l t
I
- s i d i
18 l-
r, p -
G J G g Figure 2.4.1a RESIDUAL HEAT REMOVAL (RHR-A) SYSTEM E
ASME d ASME CODE CLASS 1 ::' CODE CLASS 2 FEEDWATER *A*
- w - 4----
O h i i
! 9-Z i si :
1 ! i
? - - - - >R(-,1 ;@; , i A
7--N-------------m I g I
, g I
1 _ _ _T g I I I '
1 F-
~_ 1 ~-
5
-- - - - -[ - - - - - - - - -f - - - - - -H --------b T 3
h y -GT _ ,
c---- ---- , i e n
N i
3 g
i I I JOCKEY PUMP Z i I
i i
I yT T ! g y I
_N t L L I--
Hx l
Q l .
_1 Q
e e*<w = -
---J P T T P J.k i
TO FROM MAIN PUMP RCW *A* Y RCW *A*
5 5
m
l
,U I
m I p _
.i
)
M y G
E T
4 -
S _
Y - _
S - ; ' , - G _
)
B-
- 1 I
1 I p - hAC _
gI 2 . 2 R - _ - _
H _
R _ rI l f __
( . - _ -
L _ .
I I A . _
V O M OP C 3I _
gg
_. - ~_ -
..I P
l W
M E
RF F
I I
_ 1Y- _ - _ M U
_ - _ U R _ h- _
P G N
_ Y T
~__$E I
A .
K E _ ~
O)C A H _
_ [ C_
O L
TF _ q_ .
_ i A
U _
_ d JQ D _
I S _
_ f- J_
E R 3 H_ @-
_ I I l
_9
- B b
1 2 , _
T O T W C
R 4 _ .
2 e
_ __- y r
u g
g g i ^
F
__- OI M*B p
F _
_ __- R FMI I I ci,,I
. I iI I l j I I L.6T l
T-
,b
"' ,s 1r .
$$w
4' 4
- = ~
) .. jt , .I
~ _
"( _
g y I n
g .
l'
- l;. i - ,I t% T-
~
g' -
N ' -
G q 1 g , 3 '1 I I
'f _
4_
t N - _ _ -
_ . _ _ = .
D _ . . .
- l L _
I U - _ _ _ _ .
_ ~ C* -
B * }
p _ _ _
M* -
R -
, ~ OW _
O - _ _ _ _
~
R F C M
T _
_ _ _ _ _ y R
>- t C
A E yEMT M O N _ _ .
~
P.
x S R
{_ - F C TE
. C' L Y - _ _ _
S N ME S O T W' _
) _ LO AI R O TO Y S - _ _ 3
_ C R
C- N T F PR , .
_ _ 1 R RC _
H t N E r __ _ _ _ _
I I 5 .
- R..
(
L e
XN EO _ _
. _J -
P C .
A y _*
~
V O '
~
Q__ .
M O C P 9%
E R
rP iF 7
I I MN-U P
- - P M T _ _ _ _ Y U A .
_ E P E
H MC _ _ _ _
gC e K N L
A OP RF F
')- _
'1 J .
O
_ J g gM I
A a
U _ _ _
D - _ _
! ~ .
S _ _ - .
E ~
, I 1
R _
c _
rl I A g ,
_ 1 2 _ ? _
- 4 1 I
2 n
, 1x ; .
u i
F g I. y
$; z ~
)
8
-Y RN '
~
( -
c y . (=
i (v I
- g. ip 2MFJ
ABWR oesian 0:cument n
V 2.6.1 Reactor Water Cleanup System Design Description
'lhe CUW system iemoves par ticulate and dissohed impurities hom the reat tor coolant b, tecirculating a portion of the : car tot coolant theough a filter-deminerallier. The ClV system is designed to inocess a nominal flow of 2"0 of rated feedwater flow. The CUW is designed ihr 87.9 kg/cm2g and 30TC The CUW syste n iemoves excess coolani from the reactor system dming startup, shute;own amt not standby. The cuess water is directed to the main condenser, radwaste or suppression pool. The CUW system also provides processed water to he r, actor head einay norile for RPV couldown.
The CUW system minimi/cs RPV temperatm e gradients by maintaining circulation in the hottom head of the RPV during periods when the scartor Onternal pumps are unavaibble.
The suction line theough the PCPli contains two motor operated isolation valves which ~utt mativ. ally close in response to signals from the leak detection system, actuation of the Sf.CS, and high filter-demineraliecr inlet temperature.
A V The CUW system is classified as a nonsafety system with a major por tion of the system located outside of the primary containment pressure boundary (PCini) and automatically isolatahic. System piping and components within the PCPil, including the suction piping up to and mchuling the outboard suction isolation valve, and all containment imlativ>n valves inchrling interconnecting piping, are ASME Section 111 Seismic Category 1, Quality Group A. The flow element used for CUW system leak detection meets Seismic Categmy I and Quality Group A requirements to maintain structural integrity dming a f aulted condition. All ne. nsafety equipment is designed as Nonscismic, Quality Group C. l.ow prmure piping in the filter-demineraliecr atca, downstream of the high pressure block valves, is designed to Quality Group D.
The CUW systcm is a single closed loop system that takes suction fiom the reactor vessel bottom head drain line or the shutdown cooling suction line connection to RilR loop "ll". CUW llow passes through a regenerative heat exchanger (RilX) and two parallel nomegenerative heat exchangers (NRilX) to two pumps in parallel , The flow is discharged to two filer <leminerali/crs and returned, through the regenerative heat cubanger to feedwater lines "A" and
- ll" Each pump, NRIIX and filter-demincializer is capable of 50% system capacity operation. See Figure 2 6.1 for system ar rangement.
Each filter-demineraliter vessel is installed in an individual shielded O- cemearimeni wiih erevision, fhr handiine futer maieriai. inici. outici. vent.
drain and other process valves are located outside the filter-deminerali/er compartment in a separate shielded area together with the necessary piping and associated equipment.
2.6.1 1/17/92
ABWR oesign 0: cum:nt ,
v '
Process equipnient arul controls arr airanged so that nornial oj,erations are conducted at a panel from outt.ide the vessel on valve and pump wmpartnient l shielding walls. l Penetrations lluough compar tm - walls are designed so that they preclude direct radiation shine.
A remote, manually operated valve on the return line to the feedwater lines in !
the steam tunnel prmides long icam leuiage control and reverse flow isolation l is provuled by a check whc ut the f .U% piping. 1 Inspection, Test, Analysts and Accep an e Coiterin 1
Table 2.6.1 provides a defini' ion, of the instructions, tests, and/or analyse.s l together with :'..socialerl aue; tance a iteria wh'ch ta e undertaken for CUW. !
' /3 Y.)
\ ,
, 2.tL 1 1/17/92
.1
.l
O O _ O y Table 2.6.1: REACTOR WATER CLEANUP SYSTEM a
inspections, Tests, Analyses and Acceptance Criteria Certified Cesign Commitments inspections. Test, Analysis Acceptance Criteria i
- 1. The configuration of the CUW system is 1. Inspection of the as-built CUW 1. Actual CLAV system configuration shown in Figure 2.4.1. configuration shall be pe%rmed. conforms with Figure 2.6.1.
- 2. Suction lina isolation valves automatically 2. . Field test will be conducted to confirm that 2. CUWisciates when SLCSis actuated or isolate CUW upon SLCS actuation, leak CUW will isolate uoon SLCS actuation and leak detection limit is sensed by closing
[- detection, and high filter-demineralizer , leak detection by applying a simulated the primary containment pressure .
I temperature. isolation signal to the isolation logic circuit. boundary isolation valves.
I 3.' CUW equipment is provired with 3. inspection of the as-built CUW equipment 3. Actuallocation of the CUW equipment
- shielding. location will be performed to show that - conforms with the reactor building equipment is located in shielded areas arrangement drawings (see Figure (late 1L l
?
Y j L
t i
i l l
i O
l 1
i 2 5 g t u
- Q /] -(])
g Figure 2.6.1. REACTOR WATER CLEANUP (CUW) SYSTEE P8dD ASME ASME CODE CLASS 1 CODE CLASS 3
-- t.4- -
M 3 FROu RwR I 8 FJE DNER I 2l 3 RPV RHR Loop B '..a I
I W
s 4 1---
M hg -X NRHX RM 1 3 L.
CONTAINMENT (PCPB) RHX TO MAIN CONDENSER 4
- FILTER _
t TO RADWASTE 4 __
TO SUPPRESSION POOL -
DERENERALIZER -
4 C 5
5m
. . . . - _, _ , . .. _ _ _ _ _ _ _ _ _ ____.____________._________.____________._____._____.__2
4 A8WR onion Document O 2.10.23 Circulating Water System i Design Csrscription
'Ihe circulating water sptem (CWS) prmides a continuous supply of cooling water to the main condenser to remove the heat rejected by the turbine cycle and auxiliary sptems.
The CWS does not serve or support any safety function and has no safety design hasis.
To inevent flooding of the turbine building, the CWS is designed to
- automatically isolate in the event of gross system leakage. The chculating water pumps are tripped and the pump and condenser valves are closed in the event of a system isolation signal from the condenser area high high level switches. A condenser area high level alarm is prmided in the control room.
The CWS is designed and constructed in accordance with Quality Group D -
specifications.
The CWS consists of the following components:
h a. Intake screens located in a screen house
- b. Pumps
- c. Condenser water boxes d.- Piping and valves
- c. Tube-side of the main condenser
- f. . Water-box fill and drain subsystem Figure;9.10.23 is a simplined system diagram showing major system components. ;
inspection, Test, Analyses and Acceptance CriterM Table 2.10.23 provides a definition of the inspectiims, tests, and/or analyses, together with associated acceptance criteri a whi ch will be undertaken and for the Control lluilding.
- O 2.10.23 1/17/92
, - - , u ,,r w, s. +,:e,ee--,,,- - N,v-l,,,,,-,---. -.
smm--,-m--r --,an,,.,>. -ew,-m - .----.,-m,+--r--,,-~e -,..m,- .-w.s,-.* e, +-e,-
. O O O
': " . - Tatde 2.10.23: CBCLM.ATWG WATER SYSTEM P
O- -
Inspections, Tests, Analyses and Acceptance Criteria Cert #ied Design Commdment inspections. Tests Anolyses Acceptance Cnteria
- 1. Flooding of the turbine building will be 1. Visualinspection of the instaIIed 1. System isolates.
prevented by CWS isolation in the event of . equipment coupled with the analyses of .
, gross system leakage. the leakage / flooding characteristics of the as-built CWS will be performed using j simulated signals to verify system isolates on high level .
j' h l'
i
+
l-3 N
~
E*___
l 9 l
g l
- w I i D =
i 3
N taa 2- -> -
~
nua m, gg I to1&Js g .
(/) h '
b I" I!!D
--e h- l lb 4
leg N 's O_ _
C i g
> l~I! hn :
I ; N ly
'*l X / O-Z n a n N l e- i 0I 0 ;
e N
)
i 1 O- g
~, -
_ 1. . "
e '
a e ,
lI .
yl LO:
l
)
. 2.10.23 ~ 1/17/92
ABWR oulun 0:cument O 2,11.3 Reector Building Cooling Water System Design Description The reactor building cooling water RCW system distributes cooling water during various plant operating modes, as well as during shutdown, and during post-1.OCA operation of the various safety systems. The system removes heat from plant auxillaries and transfers it to the ultimate heat sink (UllS) via the reactor senice water (RSW) system. The RCW remmes heat from the ECCS equipment !
including the emergency diesel generators dunng a safe scactor shutdown cooling function.
The RCW system is designed to perform its required safe reactor shutdown cooling function following a postulated loss of coolant accident / loss of ofTsite power (LOCA/ LOOP), assuming a single active lidlure in any mechanical or electrical RCW subsystem or RCW support system. In case of a fitilure which disables any one of the three RCW divisions, the other two disisions meet plant safe shutdown requirements, including a 1.OCA or a loss of offsite power, or -
both.
Redundant isolation valves are able to separate the essential portions of the RCW (3 cooled components from the nonsafety related RCW cooled components during U a LOCA, to assure the integrity and safety ftmetions of the safety related parts of l
. the system. The isolation valves to the nonessential RCW system are automatically or remote-manually operated and their positions are indicated in the main control room.-
. Each RCW division includes two pumps which circulate RCW through the
- various equipment cooled by RCW and through three heat exchangers which transfers the RCW heat to the UIIS via the RSW.
Each RCW division hiain Control Room (h1CR) instrument indication includes
. main loop and RilR HX llow and temperature, h1CR controlincludes hiOV's (br RCW/RSW Heat Exchanger (HX) isolation, surge tank makeup control, ;
- HECW refrigerator RCW flow control, D/G RCW isolation, non essential RCW :
isolation, and RCW primary containment isolation.
The three RCW train configurations are shown on Figure 2.11.3. The RCW-system provides three similar complete trains, A, il and C which are mechanically and electrically separated. The RCW pumps and vidves (br each RCW division is 1 supplied electrical power from a different division of the ESF power system.
4he RCW ASNIE code classifications fbr different portions of the system are -
indicated on Figure 2.11.3a<. The safety related portions of the RCW divisions h_ are designed to Seismic Category I and Quality Group C. .
During various plant operating modes, one RCW water punip and two heat exchangers are normally operating in each division. Flow balancing provisions are included within each RCW division.
2.11.3 - 1/17/92
- . . .s ! - _ _ _ - 2._. __ _. _ . . _ _ . _ . _ _ . - . _ _ _ _ _ . _ . _ . _ . . _ . _ _ . . _ .
ABWR outon occument O Pump design parameters are:
RCW A/Il RCWC Design pressure (psig) 200 200 Design temperature ('F)_ 158 158 Discharge flow rate (gpm/ pump) 2 5,700 2 4,800 Pump total head (psig) 2 80 2 75 lleat exchanger capacities are cach: 245E6 Iltu/h 242E6 litu/h i I
= Connections to a radiation monitor are prmided in each dhision to detect radioactive contamination resulting from a tube leak in one of the RitR l
exchangers, fuel pool exhumers, or other exchangers.
..e RCW pumps and heat exchangers are located in the lower floors of the i control building. The equipment cooled by the RCW disisions are located in the reactor building, turbine building, and radwaste building, as stated on Figure >
2.11.3a-c. Tables 2.11.3.2b,c,d show which equipment receives RCW flow during various plant operating and emergency modes.- The tables also indicate how many heat exchangers are in service in each mode.
During nonnal plant operation, RCW flows through equipment which is j
{- nonnally operating md requires cooling and all ECCS equipment, except RIIR >
heat exchangers and eF <liesel generators as shown by open or closed valves in Figure 2.11.3.
If a 1.OC/ ; curs, a second RCW pump and third heat exchanger in each loop
. are placed in senice. Automatic or remote operated isolation valves will separate the RCW for the 1.OCA required safety equipment from the nonsafety-related ,
equipment, if a RCW surge tank low water level signal occurs. The primary
- containment RCW isolation valves automatically close if a 1.OCA occurs. :
After a I.OCA, the following sequence will be followed:
n i a. . If the nonsafety portion of RCW is available to the instrument air /senice air (IA/SA) compressors, the CRD pumps and CUW pumps, RCW flow to these nonsafety components shown on Figure 2.11,3 is maintained. Flowis automatically shutoff to other non-essential equipment after the 1.OCA.
- b. ' If the operator determines after the I.OCA, from essential RCW instrumentation, that the integrity of the non-safety RCW system to the- .
above mentioned compressors and pumps has been lost he can shut the l remote operated nonessentialisolation valves shown in Figure 2.11.3. .
If the surge tank water level reaches a low level, indicating loss ofwater out o! the RCW system, isolation valvesin the supply and return piping to the nonessential equipment will automatically close, including the compressors and pumps . ;
- mentioned above.
2.11.3 - 1/p/92
.- . .a _a .a. n. ,___u______, . . _ _ _ _ _ _ _ _ _ _ _ _ _
ABWR 0: sign 0:cument l m
- )
v The RCW/RSW heat exchanger design basis condition occurs during post-1.OCA cooling of the containment sia the RilR heat exchangers, l i
The RCW puinps have the flow capacity to deliver required flow to the ECCS l equipment in each division and the above mentioned compiessors and pumps if the isolation valves cannot be closed.
After a IDOP, the RCW pumps are automatically powered by the emergency diesel generators.
A separate surge tank is provided for each RCW disision. Normal makeup water source to the surge tank is the makeup demineralized water system. For 1.OCA (onditions, the suppiession pool cicanup system (SPCU) prosides a hackup surge tank water supply.
Inspection, Test, Analyses and Acceptance Criteria Table 2.11.3a provides a definition of the inspections, tu.s, arul/or analyses together with associated acceptance criteria which will be and undertaken for the RCW.
s v
N.)
2.11.3 1/17/92
O- O
~
Table 2.11.3a: REACTOR COOUNG WATER (RCW) SYSTEM to inspections, Tests, Analyses and Acceptance Criteria Oartifiv hesign Commitment inspections Tests, Analyses Acceptance Criteria
- 1. System configuration including key 1. Inspection of construction records will be 1. The system configuration conforms with componer.ts end flow paths are shown in perforrned. Visualinspectior (VI) will be Figure 2.113.
4 Figure 2.11.3. performed based on Figure 2.11.3.
- 2. Three RCW trains are mechanically and 2 Tests and VI of the thrm independent trains 2. Plant tests and VI confirm proper -
electrically independent. will be conducted which will Viclude independence of three RCW divisions.
independent ared coincident operation of the three trains to demonstrate complete divisional separation.
l 3. During various modes of operation, RCW 3. Limited system hydrualic tests will be 3. The results confirm the RCW has the water
- has adequate hydraulic capability for plant conducted according to available flow capability specified by the certified auxiliaries and the primary containrnent . ' nonnuclear heat plant conditions. The design commitment, including safe i required for safe shutdown following a tests will demonstrate a safe piad shutdown operation with 1 RCW division
, design accident or transient. These safe shutdown with one RCW division out of out of emnce.
shutdown requirements are satisfied with service.
, g_ only any 2 of 0 rtCW divisions operating.
! - 4. Isolation valves as shown in Figure 2.11.3 4 VI of the installed RCW system and RCW 4. Isolation valves are properly located as can automatically or remote manually preoperational tests as follows will be shown in Figure 2.11.3 and are separate the RCW for the essential completed. demonstrated to operate automatically or equipment from the RCW for the remote manually to isolate RCW for nonessential equipment. a. Remote-manual operation of the nonessential from RCW for essential -
isolation valves from the main control equipment cooled by RCW.
room.
combined with a simulated RCW surge
! tank water level signal to automatically l close the isolation valves.
I
- c. A LOCA si7nal will shut RCW isolation l valves which will shut off RCW flow to
! all nonessentt ; equ?pment n::ept the
! IA/SA e impressors, CJiD oumps and CUW pumps.
3 w
I s , . . . . . . ,- - - _ . - , . _ _ . . _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ . _ _ _ _
O O O
." Table 2.11.3a: REACTOR COOLING WATER (RCW) SYSTEM (Continued)
" Inspections Tests, Analyses and Acceptance Criteria inspections. Tests, Analyses Acceptance Crite.ia Certified Design Commitment Tests simulating LOCNLOOP conditions 5. LOCA/ LOOP signal successfully starts
- 5. A LOCA will result in the automatic start of 5.
will be conducted for the RCW system second RCW pump and initiates RCW/RSW the second RCW pump in each division and Hx flow in ead. division including the start f80 w through the third RGV/RSW Hx which confirm the RCW and it's support systems will perform it's function under following confirmations-in each division.
those conditions. Tests will be conducted for the RCW, which confirm that after the a. Regardless of which ROV pump was During LOCA/ LOOP (loss of coolant operating during normal operation accident / loss of off-site power) conditions. LOOP, each division of RCW pumps and valves operate with the same divisit.1 of before the LOCA, after the LOAC/ LOOP j RCW pumps and valves are powered by simulation occurs, the first and second the emergency diesel generators (D/G). emergency D/G power and associatet, DC control power sources. RCW pump will start automatically, powered by the emergency diesel generator.
- b. Regardless of which two RCW;REV f* s . 7re operating before the LOCA,
& LOCA/ LOOP occurs, the hCW r.% 3 .peraied valve on the third Hx y disenarge will open automatica!!y. i I
r Y
G b
N
l ABWR 0:sion 0:cument O Table 2.11.3b: REACTOR BUILDING COOLING WATER CONSUMERS DIVISION A Emergency Normal (LOCA)(Sup-Operating Mode / Operating Shutdown at 4 Shutdown et 20 Hot Standby Hot Standby prooston Pool l Components Conditions hours hours (no loss of ACI (loss of AC) et97'C i l
MCW!R$W Heat 2 3 3 2 3 3 Exchangers j in Sereice
' ESSENTIAL Note t Emergency Dw- - - - - X X sol Generator A RHR Heat - 'X- X - X X Exchanger A ,
FPC Heat X X X X 4 X Exc. hanger A g Others (essen. X X X X X X
\. tiell(Note 2)
NON ESSENTIAL RWCU Heat X X X A X -
' Enchanger inside Drywell _X. X- X X X --
(Note 3)
Others (non- X X X X X X
. essential)
(Note 4) '
NOTES:
(1) (X) . Equ4 ment receives RCW in this mode.
(-) = Equipment does not receive RCW in this mode.
(2) ' HECW refrlprator, room coolers (FPC pump, RHR, RCIC, SGTS, FCS, CAMS), RHR motor and seal coolers (3) Drywell1A & CI end RIP coolers.
(4) instrunwnte and service air coolers; RWCU pump cooler, CRD pump oil, and RIP My sets.
2.11.3 -6 1/17/92
.a ..__..-u..-,. - - _. -
ABWR oesign Documept Table 2,11.3c: RT! ACTOR BUILDING COOLING WATER CONSUMERS DIVISION B Emer0*n*Y Normal (LOCA)(Sup-Operating Model Operating Shutdown at 4 Shutdevn at ?0 Hot Standby Hot Standby pression Pool Components Conditions hours hours (no loss of AC) (loss of AC) at 97'C RCW!RSW Heat 2 3 3 2 3 3 Exchanger-in Seryk.e ESSENTIAL Note ?
Emergency Dw - - - - - X X sol Generator B X W X RHR Heat X Exchanger B FPC Heat X X X X X X Exctanger B Others (essen- X X X X X X tialMNote 2)
NON-ESSENTIAL RWCU Heat X 3: X X X -
' . . :c,ar inside Drywell X X X X X (Note 3)
Others (non- X X X X X X essential)
(Note 4)
NOTES:
(1) (X) = Equipment receives RCW in this mode.
I H = Equipment does not receive RCW in th.s mode.
(2) HECW refugerator, room coolers (FPC pump, RHR, RCIC, SGTS, FCS, CAMSL RHR motor and seal coolers.
(3) Dry.vell(B) and RIP coolers.
(4) Reactor Building sampling coolors; LCW sump coolen (in drywell and reactor building), RIP MG sets and RWCU pump coolers.
' 1/17/92 2.11.3
- ABWR oesign oocument qn.
Le Table 2.11.3d:- REACTOR BUILDING COOLING WATER CONSUMERS
~ ~
DIVISION C emergency Normal (LOCA) (Sup-Opereth.g Mode / Operating Shutdown at
- Shutdown at 20 Hot Standby Hot Standby pression Pool
~ Components Conditions hours hours (noloss of AC) (loss of AC) at 97'c RCW/RSW Heat i 3 3 2 ~3 3 Enchangers -
'f- n. ,
ESSEMilAL Note 1 Emergency Die- a - -
X X sel Generator D RHR Huat -. X .' X - X X Exchanger B Others (essen- ~X X X X X X
' lialNNote 2) if .
NON48SENTIAL i
' Others (non, X .X X X X X I( essentialt (Note el
- NOTES:
- (1) (X) = Equipment receives RCW in this mode,
(-) - Equipment does not receive RCW in this mode.
L
- (2) . HECW refrigerator, room coolers motor coolers, and mechanical seal coolers for RHR and HPCF.
(3) instrument and service air coolers, CAD pump oil cooler, radwaste components, HSCR condenser, and turbmo building sampling coolers.
I:-:
l 't l
\
' /%l, 2.11,3 -B- . i '7/92
. -. - ~. - - . . . - . ., . .- - - - . - . - , . -
- .. . .- .= - - .-
7 ABWR Design Docuncnt
,e ~
b Figure 2,11.3a HCW DIVISION - A TE M SURGE TANK RHR Hx Z (Reactor Building)
(Reac'ar Building)
M L EMERGENCY D/G Z (Reactor Building)
(Reactor Building) SPuu M MUWP OTHERS (ESSENTIAL)
(Reactor and Contn i Building) g p
A M M h pg hy_ _ CRD & CUW PUMPS (Reactor Building)
- i -
M l
.__ g ___
OTHERS (NON ESSENTIAL) . ,__ _ _ _ _ _ _
i (Reactor, Radwaste anci Turbine Building) ,
I- I
. __ . _ IA/SA COMPRESSORS . . _ _ _ _ _ _ _ _ _
l (Turbine Building) i I l M M M ! U
-Y DRYWELL EQUIPMENT -b - "'
-@ CONTAINMENT CONTAINMENT M
V h RCW Hx (Comrol Buildinci i
C
_.RSW >' RSW RCW PUMP (Control Building)
(Control Buildina)
RSW RSW RCW Hx C (Control Guildina)
RSW >' '
> RSW RCW PUMP (Control Building) 2.11.3 1/17/92
ABWR Design Document -
i n)
(. Figure 2.11.3b RCW DIVISION - B F TE M SURGE TANK ss RHR HK A (Reactor Buildino'-
^ "
(Reactor Building)
M' L EMERGENCY D!G b (Reactor Building)
FPC HX E D SPCU (Reactor Building)
M MUWP OTHERS (ESSENTIAL)
(Reactor and Control Building) g F M A M gs y__
CUW PUMP
__I O (Reactor Building)
I M l
,__ ___ OTHERS (NON-ESSENTIAL) ,_______
i (Reactor, Radwaste and Turbine Building) ,
I I I i
! M M i M ! V m
DRYWELL EQUIPMENT - b i- -
-(s) li CONTAINMENT CONTAINMENT
- Z y __
h !
I RCW Hx (Control Bui!dind C
RSW D' RSW RCW PUMP M (Control Building)
(Control Building)
M RSW RSW J b RCW Hx (Control BuildinM C
RSW > RSW RCW PUMP (Control Building) 2.11.3 1/17/92
t ABWR Desion occument
-7 y
()
Figure 2.11.3c RCW DIVISION - C SURGE TANK w's RHR Hx hT T N)
(Reactor Buildino)
(Reactor Building) -
~
M L EMERGENCY D/G (Reactor Building)
C >
SPCU M MUWP OTHERS : ESSENTIAL)
(Reactor and Control Building) g p
A M M h X h ,,_ CRD PUMP ,_ q i (Reactor Building)
, M l' p_,,__ g ___ OTHERS (NON ESSENTIAL) ,__,_ _ _ _ _ _ _
i (Reactor, Radwaste and Turbine Building) ,
l
_ _ ____. _ _ _ _ IA/SA COMPRESSORS . _ _ _ _ . _ _ _ _
(Turbine Building)
U 4
A g RCW Hx (Control Buildina)
C I '
R W Hx (Control Buildino)
M RSW
> > RSW q ,
V b RCW Hx
-(Controt Bui! dine)
C RSW-M > RSW HCW PUMP (Control BuiHing) 2.11.3 1/17/92
^A8WR c:sion 0:cument nA V-
.2.12.13 Emergency Diesel Generator System (Standby AC Power Supply)
Cesign Description The Class 1 E diesel generators comprising the Disisions I,11, and 111 standby AC power supplies are designed to restore power to their respective Class 1E distribution system divisions as required to achieve safe shutdown of the plant and/or to mitigate the consequences of a loss-of-coolant accident (LOCA) in the event of a coincident loss of normal electrical power. Each of the three divisions of the AC power system has its own diesel generator.
The major loads consist of the following systems for all three divisions: Residual -
Heat Removal (RHR) System, Reactor Building Cooling Water (RCW) System,- l HVAC Emergency Cooling Water (HECW) System, and Reactor Senice Water
]
(RSW) System. In addition, Divisions 11 and 111 include the High Pressure Core Flooder (HPCF) System loads. (The Division i RCIC system is also part of the y ECCS network, but is steam-driven and therefore does not present a significant load to the diesel generator.)
Each Class 1 E standby power system division, including the diesel generator, its auxiliary systems, and the distribution of power to various Class 1 E loads through p
'd the 6.9 kv and 480 y systems, is segregated and separated from the other divisions. No automatic interconnection is provided between the Class lE divisions. Each diesel-generator set is o}. rated independently of the other sets, and is connected to the utility power system by manual control only during testing or for bus transfer. A failure of any component of one diesel generatbr set will notjeopardize the capability of either of the two remaining diesel generator sets to perform their functions. The diesel generators are Seismic Category 1, and are located within the Reactor Iluilding (see Figure [later]).
Each diesel generator unit is rated at 6.9 kv,60 Hz; and is capable of automatically starting, accelerating, attaining rated frcquency and voltage within 20 seconds, and supplying its loads in the sequence and timing specified in the plant design documentsJ In addition, each diesel generator is capable of starting, accelerating and nmning its largest motor at any time after the automatic loading sequence is completed, assuming that the motor had failed to start initially.
L The diesel generators start automatically on lo ,s of bus voltage. Under-voltage sensors are used to start each diesel engine in the event of a sustained drop in bus voltage below 70% of the nominal 6.9 kv rating of the hus. Low-water-level sensors and drywell high-pressure sensors in each division are also used to initiate the respective diesel start under accident conditions. However, the nV dicscis will remain on standby (i.e., running at rated voltage and frequency, but unloaded) unless the bus under-voltwc sensors trigger the need for bus transfer to the diesel supply. Manual start capability (without need of DC power) is also
_ provided.
2.12.13 1/17/92
A8WR Design occument n -
L)
Each diesel is supplied by its own independent fuel tank, which is located in an ,
area protected from natural phenomena, and which is capable of supplying fuel I for at least 7 days of continuous operation.
The standby AC power supplies are designed such that testing and inspection of equipment is possible during both normal and shutdown plant conditions.
Each standby AC power supply is composed of a three-phase synchronous generator and exciter, the diesel engine, the engine auxiliaries (including the fuel tanks), and the control panels. Figure 2.12.13 shows the emergency diesel generator system interfaces, which includes the interconnections between the offsite power supplies and the Disisions I,11, and 111 diesel-generator standby AC power supplies.
The transfer of each Class 1 E bus to its standby power supply is automatic, should this become nuessary, on loss ofits offsite power. After the circuit breaker connecting the bus to the preferred power supply is open, major loads are tripped from the Chtss 1E bus. except for the Class 1E 480 v unit substation feeders. Then the diesel-generator breaker is closed when required generator voltage and frcquency are established. The large motor loads are later re-applied sequentially and automaticallv to the bus after closing of the diesel-
] generator breaker.
Each diesel generator is capable of being started or stopped manually from the main control room. Start /stop control and bus transfer control may be transferred to a local control station in the diesel generator room.
Each diesel generator, when operating other than in test mode,is independent of the preferred power supply. Additional interlocks to the LOCA and loss-of-power sensing circ uits terminate parallel operation tests and cause the diesel generator to automatically revert and reset to its standby mode if either signal appears during a test. A lockout or maintenance mode removes the diesel generator from senice. The inoperable status is indicated in the control room.
Devices monitor the conditions of the diesel generators, and efTect action in accordance with one of the following categories: 1) Conditions to trip the diesel engine even under LOCA,2) Conditions to trip the diesel engine except under LOCA,3) Conditions to trip the gent ator breaker but not the diesel, and 4)
Conditions which are only annunciated.
Inspection, Test, Analyses and Acceptance Criteria Table 2.12.13 provides a definition of the inspections, tests, and/or analyses
'p together with associated acceptance criteria which will be undertaken for the V emergency diesel generator system.
2.12.13 1/17/92
O O O P' Table 2.12.13: EMERGENCY DIESEL GENERATOR SYSTEM . j
.~ ,
O Inspections, Tests,' Analyses and Acceptance Criteria Certified Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 1. The three diesel generators are capable of 1.a Confirmatory inspection will be performed 1.a The maximum loads expected to occur for l
supplying sufficient AC power to achieve to assure the maximum design loads each division (according to nameplate safe shutdown of the plant and/or to . . expected to occur for each division are ratings)shall not exceed 90% of the rated '
- mitigate the consequences of a LOCA in within the ratings of the corresponding power cutput of the diesel generator (i.e.,
the event of a coincident loss of noimal diesel generator. 4500 kw).
power. (See Figure 2.12.13.)
1.b Testing will be conducted by synchronizing 1.b Each of the three ut'its shall produce rated each diesel generator to the plant offsite power output (5000 ?w) at 20.8 pf for a power system and increasir.g its outnut period of 224 hours0.00259 days <br />0.0622 hours <br />3.703704e-4 weeks <br />8.5232e-5 months <br /> imomentary transients power level to its fully rated Icad cond; tion. excepted). Each unit will then experience full load rejection by tripping the ioad and verifying the unit does not trip.
- 2. Each diesel generator is rated at 6.9 ky, 2. Perform a test of each diesel generator to 2. Each diesel generator attains a voltage of . j three-phase,60 Hz; and is capable of confirm its ability to attain rated frequency 6.9 kvi10% and a frequency of 60 Hzi2% '
attaining rated frequency and voltage and voltage. within 20 seconds after application of a ;
f3 within 20 seconds after receipt of a start start signal signal.
- 3. In the event of a loss of normal power,each 3. The automatic and manual start sequences 3. Each of the three units starts (via each diesel generator unit is capable of starting will be tested for each dietet generator manual and automatic signal), accelerates, j (both manually and automatically), . unit. and properly sequences < t loads in accelerating, and supplying its loads in the accordance with the pla.. . sequence proper sequence and timing specified in diagram. The load sequence begins at the plant design documents.- It is also 2012 seconds and ends sSS seconds..
capable of recovery following trip and Following application of each load, the bus restart of its largest load. voltage will not drop more than 25% at its -
terminals. Frequency should be restored to within 2% of nominal, and voltage should be restored to within 10% of nominal within 60% of each load-sequence time interval. In addition, the unit's largest motor load shall be tripped and restarted after the unit has completed its sequence, ,
and the bus voltage will recover to 6.9 .
kvi10% at 60i2% Hz within 10 seconds.
5 Nw
Q- 0 O Table 2.12.13: EMERGENCY DIESEL GENERATOR SYSTEM (Continued)
~
0 inspections, Tests, Analyses and Acceptance Criteria Certified Design Commitment ' Inspections, Tests, Analyses Acceptance Criteria
- 4. Each diesel generator unit is capable of 4. Each unit will be tested to assure its black- 4. Black-start capability is demonstrated manually starting without the need for . start capabilityis functional following manaal start, acceleration, and external electrical power. bus energization for each of the three units -
without assist from any external electric -
power.
- 5. Interlocks to the LOCA and loss-of-power 5. Interlocks for the standby AC power - 5. While in a parallel test mode, each unit will sensing circuits terminate parallel ' system will be tested. revert and reset to its standby mode operation tests and cause the diesel following individual application 'of a LOCA .
generator to automatically revert and reset signal and a loss-of-power signal to its standby mode if either signal appears during a test.
- 6. Devices monitor the conditions of the 6. Using simulated signals, protective 6. Successful circuit testing will be confirmed .
diesel generators, and effect action in interlocks and annunciations will be tested forthe individual diesel generator accordance with one of the following to assure they perform their functions, in protective sensors according to the l
g categories: 1) Conditions to trip the diesel accordance with the four categorica! following:
l engine even under LOCA,2) Conditions to - conditions described.
trip the diesel engine except under LOCA, Cateoorv 1 sensors:AnnuncirQns and
- 3) Conditions to trip the generator breaker diesel engine trip signals will be confirmed but not the diesei, and 4) Conditions which . in combination with a LOCA sg. sal.
are only annunciated.
. Catecorv 2 sensors: Annunciations and
(;iesel engine trip signals will be confirmed without a LOCA, but trips will be bypassed w1 hen LOCA signalis present.
Category 3 sensors: Annunciations and generator circuit breaker tr p signals will be confirmed.
Catecorv 4 sentors: Annunciation signals will be confirmed.
N w
ABWR Design 0:cument Figure 2.12.13 EMERGENCY DIESEL GENERATOR SYSTEM INTERFACES P,s.,e an.ma. P,.4.,,.d 4 P, :.. 4. ..
w.<. w.a. w.. w.a. wa. wa.
DG CTO CTO po CTO I
YY Y YY Y L' Y M %""
i
- 1 6.9 kV h v) . *p ups l 6 9 nV b +{ m gpg 6.S a v b +{ *UPS- p (PS l bTN Vac Vdc kW Vac Vdc k n:
Vac Vdc k r:s Vac Vdu HCH HPCF HPCF PRESSURE SYSTEMS
,r --
\,j LOW RHR RHR RHR PRESSORE SYSTEMS ACW RCW RCW AUXlLIARY HECW HECW HECW CO& LNG SYSTEMS R$W RSW RSW Oth., W Otne, Otn., Oin.r Orn.r R
6.S kV 480 V 6 0 kV 480 V 0.9kV 400 V Londe Loads Loada Loads Loads Loads SYSTEMS 9
DNtSON 1 OtVISON 11 DIVlSON 111 DNISON IV
'f).
.o 2.12.13 1/17/92
ABWR 0: sign Document
(
2.15.12 Control Building Design Description The control building (Cll) is the buihling that houses the main control room, control equipment and operations personnel for the Rea'ctor and Turbine Islands. The control building is located between the reactor and turbine buildings.
In addition to the control room and operations personnel, this buildmg houses the essential electrical, con trol and instrumentation equipment, essential switch gear, essential baticq rooms, the Cll heating and air conditioning (IWAC) equipment, reactor building component cooling water pumps and heat-exchangers, and the steam tunnel.
The general building arrangement including watertight doors and sills for doorways where needed for flood control is fo'md in Figures 2.15.12a through 2.15.12g.
The Cllis a Seismic Category I structure designed to provide missile and tornado protection, q
Q The Cll b constructed of reinforced concrete with steel it uss roof. The CII has two stories above the grade level and four stories below. The building shape is rectangle. Major nominal dimensions are as follows:
Overall height above top of basemTt 30.5 m Overall planar dimensions (outside) 0 deg-l80 deg direction 24.0 m 90 deg-270 deg direcion 56.0 m Thickness of Outer Wall from -8.2m TMSL to 17.15m TMSL 1.2m frota 17.15m TMSL to 22.2 m TMSI, 0.6m Thickness of Steam Tunnel Walls, Floors, and Ceiling 1.6m Thickness of Walls supporting Steam Tunnel 1.6m Note that dimensional variations shall be within the limits which will have insigniGcant effect on the structural design.
The Cllis a shear wall structure designed to accommodait all seismic loads with its perimeter walls. Therefore, frame members such as beams or columns are designed to acconunodate deformations of the wallin case of earthquake
/
condition.
2.15.12 1/17/92
1 ABWR oesion Document k To protect against external flood damage, the folloning design features are provided:
- a. wall thickness below flood level greater than 0.6m.
- b. water stops provided in all construction joints below grade.
- c. watertight doors and piping penetrations installed below Dood level.
- d. waterproof coating on exterior walls,
- c. foundations and walls of structures below grade are designed with water stops at expansion and construction joints.
- f. roofs are designed to prevent pooling oflarge amounts of water.
To protect against internal Good damage, the fol'owing design features are provided:
- a. elevation differences and divisional separations from remainder of the Cil.
- b. drainage system to divert water to assigned Door and location.
O c. sills for doorways as needed to provide flood control.
- d. watertight doors installed below internal flood lesel,
- c. wall thickness below internal flood level greater than 0.6m.
Inside the stezm tunnelis the mainsteam piping, the mainsteam drain line, and the feedwater piping. The steam tunnel has no penetrations from the steam tunnel into the control building. Any high energy line breaks inside the steam 1 tunnel will vent out to the turbine building. All standing water wdl collect in the large volumes in the lower portions of the steam tunnel at the reactor building or turbine building ends. -
On Floor BlF, there are Sre hose stands and reactor cooling water (RCM Pi ping, it is designed that any rupture of the Grc hose stand willleak ot:to the floor and drain to the -8200 level by floor drains. Sills wCl be provided a' doorways to prevent the entry of standing water into the control room complex.
The RCW piping runs vertically in a concrete pipe chase. No Doofing outside this pipe chase is possible.
On the Door where computer room located, there are fire hose stands, RCW piping, and aber piping systems. A limited amount of standing water is
,j expected upon a rupture of any of these systems. Sills will be provided at doonvays to prevent water from crossing divisional boundaries. Similar arrangements and designs are also provided for other Doors for Hoods protection.
2.15.12 1/17/92
ABWR oesign Document n
L)
During normal operation, the concrete surrounding the steamline tunnel provides shielding so that operator doses are below the value associated with unconttroll~d, unlimited access. The outer walls of tbc control building are designed to attenuate radiation from radioactive materials contained within the reactor building and from possible airborne radiation sunounding the control building following a 1.OCA. The walls provide shielding to limit the direct-shine exposure of control room personnel following a LOCA. Shielding for the outdoor air cleanup filters also is provided to allow temporary access to the mechanical equipnient area of the control building following a LOCA, should it be required.
The contral bmlding is not a vented structure. The exposed exterior roofs and walls of the structure are designed for the required pressure drop. Tornado dampers a.re provided on all air intake and exhaust openings. These dampers are designed to withstand the specified negative pressure.
Inspection, Test, Analyses and Acceptance Coiteria Table 2.15.12 provides a definNon , r th : inspections, tests, and/or analyses, together with associated acceptance c,;teria which will be undertaken for the control building.
/D
,.Y l
O ti l
2.15.12 1/17/92
. 1. ,
o o p;
- C . Table 2.15.12: : CONTROL BUILDING sn
'O Inspections, Tests, Analyses and Acceptance Criteria
' Certified Design Coremitment - Inspections, Tests, Analyses Acceptance Criteria i
- 1. Control building general arrangement is 1. Plant walk throu,,n to check and verify 1. Per Figure 2.15.12a through 2.15.12.g.
shown in Figures 2.15.12a through requirements are met.
2.15.12g.
- 2. Design features are provided to protect 2.. . Review construction records and perform 2. For external flooding:
against design basis internal and external visual inspections of the flood cc.itrol , a. Exterior wait thickness below flood j floods. features. . level grecter than 0.6m.
- b. Water stop
, c. Watertight door and piping penetrations below flood level
- d. Water proof coating on exterior walls
- e. Foundations and walls of structures below grade are designed with water -
stops at expansion and construction joints
- f. Poofs are designed to prevent pooling h of large amounts of water.
For internal flooding:
- a. Elevation differences and divisional senastion of the mechanical functions from the remainder of the CB
- b. Orainage system to divert water to assigned floor and location
+ c. Silis for doorways as needed to provide flood protection
- d. Watertight doors installed below internal flood level
- e. Wail thickness below internal flood Ic rel greater than 0.6m.
- f. Steam tunnel has no penetrations from the steam tunnel into the control building. Any high energy line or feedwater piping breaks inside the steam tunnel will vent out to the Turbine Building.
5 E
w
- . . . - ..m
l'
- O 10 D
-. mt- ' Table 2.15.12: CONTROL BUILDING (Continued).
O ' inspections, Tests, Analyses and Acceptance Criteria Certified Design Commitment . Inspections, TW.,, Analyses Acceptance Criteria
- 3. The control building is designed to have L 3. ' Performed dimensional inspections of the' 3. ' The concrete thickness for the steam adequate radiation shielding to protect Control Building walls, ceiling, floors, and ' tunnel wall, ficor and ceiling shall be operating personnel during operation and. other structural features. greater than 1.6m. The steam tunnel following a LOCA. _ interface structure snd control building .
wall below the steam tunnel should have a -
combined thickness of 1.6m.
- 4. The CB is designed to protect against 4. . Review construction records and perform 4. Far tornado 2{
design basis tornado and tornado micsiles. visualinspections of the tornado..
protection features a. - Roof and walls above grade designed greater than 0.5m
~
- b. - HVAC darrpers designed for ditferential pressure > 1.46 psi.
- c. HVAC dampers have tornado missile
- barriers. ,
s l
l Y l
i .'
i s
t.
i m
g , r*' 3 .. -
)1l )i1'
.N Cg CI -
F F F F _.,
O
) . 1 2 3 4 f c. 4I B B B B f
A R
m_
G ,
O W-G
- E f
e
,j,;'4t: rg '!
j> ,,ilIta
- , :2,3 r ,
,!H;g,,#!!ao 4i4 -
,,!8h
_ ,h L .Et -
hm4'a._ .
- };&9h I m' e' u 1 vll liuL ri Oo*L
)
0' ei. p ," = li;+
i cg!bj~ !
7 r 2 r
- u c'
- c e - e" r
c e *-
,n 0
IIr %qLqhl; m4
- m a. !>Q- -
nl4il!t .-
u :,1 sv 9 ! p ;i
( a".! j~
c a
v s! i!!
T jl.*
J t s u - .
l ev .p!,e hli" j n'
O I
T A !
m-m uc
_riIyiw=l1alli" v
l i4 y
l w v-n.
r-t c
S
,m_ . - c
_ - se e
r b
E L -
sw m s4 ev w! n e
rhlon_.
l E . -
mM e*
v
.j!
- ,6f
- glo l ;j3t oil:L G
N
! ,i
.' ;,' ,i ; ; 1 1i
,i4=
- lJ I
D .
L " _ .
I U
r!!4l v B ==
- c w .
a m L
O n e '- L_ _
,3 j!
p_ E;dv.3 ! r!
= n i;, +l, m- w=44 -
oq'
- !4l,I R
. 4 ,
T us 2.
.a e ,rlsnna N ._ x
. - I O r
/
C a Lr d~
,! 6,;;'
r I!:
oI!i.J' l
,L ri#!t' m
2 , .
1 4 !
5 1 =>' ,;y! o;!;: .
2 a_
t u
sV i m.
o c
e
. e r
u cn i d j: l mR sC w t-c r.
vgt , ,g t
_ n i
F g e st' u
c r
e s
w _u _
e m
o
=W,,
. oA _
ni w w =
woOtni,al" i fi ,i y!
aY
!W, mr
_ vT>
j ,ljiI
_ w
,' e
-_ m,a svH t
=== _ n. r ea yOLnia
( d= n. -
,i r .
2!
- a. t , _
cn!!i!gej.?:w =# sri!of,.
i 1
i_
_e1! anj45x -:' _
' - j_r /{, w s 1 .t
+ -
!1L
,)4l .
,!lIp L 4 . ! ;i, l' O mt.
s s
x-x- =
=
e s
- c a,=
w w
c
- s. ,p
" ea~ <& eM
~,
ll lll I1ll ti l
~
y3 &^
n- s e -
r.,
i g q i-
. i . . - . . . _ . . _ .
9._- -
7: _ ,
M.
- 'N , L l li'/}
E n.p= ml[_illmL 1
L L ,l e1 ,
4
-, 't w.
' . n- . ,
1pr~..,yc_. .
2.-_ _rq ..
i
. ,l.
{r{n _.. _.. _
1
. Ms
.l.
I 1 P.y ,
1 i
tw kur.= .!axi,nr , "hurr urr xif c.. 1 ;- i_.._7[rrr i,d9 i
- l V s L=q i F v$
5 1 i
) h4,_X.,_ -Sll 45 l
- u. 9 lise ;
m 3 e.
. r Ci" fy.d '
y ~l l
o- , ;
oa J f.__......,_-_.._.___._
.____...._;_x J
,c
.4 i,...._,___.,~____..;_______._._-
ll
'2.
- )
3 t .
,J a .
o 1 I W c
C>
o
.c
~
LO ~
r _ _ _ . _ . _ . . _ _ _ . . . _ ..__
en
---..,L._:
Q u- n ut
> aa s m
,kn'ith n
-- :__-d23 >
$ N w 5 4 SS
- W1 T- f5
, axf n c Q.
t .:la ~:. [pn____c{n I I .. a_
l
_t [
n p
zip j
29 .
p' ;
i l -
_d
- m. 52 d :=ctrx,l e L I _,L L
i 1 ~\ V. ! iH l iy "i[~lmiTITi ' !
s -
L.d.INL t I 4
i l
{ _ ..i.. _- __
2.15,12 1/17/92
=
9 .
) .
O :
tf;i ,
gi1 y
.s ,di 5
g e3"I
,:' ,j;r t.;,
i1 +1'1! 4 l:L !
y '
i AF\l E
D w
0 =0 .
A R
G D
N
_ l 1
d J= , -J !
_m U
O
=-- j i
V R -:
, ;}. sI l
G jr Ll n'
F R E O D O A L R F
OGN f i a
m n
u o
c
.O
=
-F I
G D
N D
I U U O
~
B R_ .
L 1 G
O J_
R _
T N
- N Lo '
nJ J_
4l O -_
C c
- L 2 l ,
1 -
5 . 4 1 T E
S 2 G e
r M -
u _-
i g O O u. 1
. J_
F
.I1_
i
,V _
~hyupt1F i
~ .
.p _
g- wym 3
l V-
- r. f :Lj : j F 6 E -
- i i
-/
! jii-
~
0 :
g.
" w* ~ .T 5e8 c' , , .: lL LIl L
. . . . . . m_ . ._ _ _ . . . . _ __ . _ _ - _ _ . _ . . - _ _ . . _ _
j..
Woooto uulivM
$5 9%v VO tu b2.NO3
_ .. g , _ . - , , .
i _..____.__,y _
g_ . _ _ _ .
v; - - :
am 12.r m = mr : . .W - -- d_+" ';;
I
.r
. r - z=,a -
I ! N l_ J -p-
=4
---d
!l
. {~] [ = == = '
- g g .p u
p=_
L 3 5. -_=q r-4 d 4
I .
I L=-
l i
m t .== ; @;
3' n -4 0: l !
b- ll I
O l '
L O m- .. . _...- ___.__-..]
ih.]
._.L-.-.- -. . . - . _ . _
.[ _ .._._ _._ _,.c'.__._.f
! 2
--- b "> +
i s
3 i
l r
I I.
l A i g3' v @1 +] gg tl!sy =>l 0 l
[==== ,2 ~
l O . .. .. . . ._ . ,N. - t c
jy *y N
i- >
1 N - ,
'". '* I
- = i in u j e- r l i
( el " . -' l l
_'l .,a e u ,4, y b f'I~
a' _ql._...________li'! hl'~~ I Li" 5 i
-e
- ce 0c=j l
, t g ; s l 5 f ) y^'
l p=== ==q j 7=j i .1' !! j
_L b .
- l. b lt l
, 2 ======C !! Yl ===I=f H b
~
1 3. u I -
h e __ _ _ .. .
. -- p , . g ,
s-
. , f,m,,m- 4 l .
h o j 7 n . ._ ._ ..
~
l
- j i n!,
4 b__._._-______. _ . . .
l l
2.15.12 1/17/92
.v.
f' k,
2 u
a t
iI
.T M. n .~.~
. - -. _ _ ..!_ .Q=_.-
c 35 k y-bN r==?
..4_ . i L __.. .~.-. ... Ij .
_ (.
LL 4 re k i e>
fi e '
sea ii 8 ii i d k=d
(,9 li
-._.._.-.__g,
-m . __.._. _ _ ._... _ ._ _ ...-_. _.__ _ r n h, '
3
==!
D G m Va 0 'l- - ,-.
E - .. ji g5
.g- p 3 O U U =b O gm. l N h e- _L j
in -
- f. ]._4 N l ! I e ! _. ._......____.__J -
} Y[\ t-it i .-..-._
sv ,.--- - .--..-. . --- - ),- -
I i
$h Sg5 >
[3 ]
- w ,p j ,
- .. . :r$
+4___.,_ _ _. o!
l! l' l
l [. I 1 -t :l !
) O ~du O E=M g!ah 1 s H I
i
! ! j
.h;- c... _. ,_ n_ : _.. rm r.- J ( )
-, i O. -
\ / c = , ,.n , l
/
l ! ! I l.10 di.. ' .J
. - - . , . . . .. _... .__.n . . . - -
l l \
! 2.15.12 1/17/92 l l
- + ! ' ,' t' , 6 i i !i).l Lkt lf!r r!!;,
A r
n uh s
uM ch xd E
eb*
t!il
-;;. , i ,i'j' q1; r r;1.!; !l;-
_3 e";
-lIIi ' >'{i ,
G;u M = [-
!1ii" Il:
- ~
li ,; ' , ;,l: e
'1I!;4 : , , ;:j .! l 1
_1 r _-
e _
,bg .' !- "!' ;il
'J ar h_
(u
~
F -- iP!. i- '
.iq't
,f :
3 B .P i!_ '_i_.
. R _
O _
O !;44I:ili t_
L !!i= I F
,'g. 'ta .
l u_
,iI!ll!;13llj, G
N I
D
= _
,!liL L
I r4t4
- - ill
- ! { ,4l a _.
U OB L O FJ L p;.1_
R _
T $[lp loI FJ$hnNa!!j i l!s!!m _
N _ _
l O '
C :
f ._.
2 - .
1
!ill11i!l!
i F I 5 ~ ,i; i!!i I
J.
1 - _
r .
1 2 .
e a ._
- r ya fnt u -
,f !f ji1ei g
i F
= _
= _
yh 1. q nii:1h, 1o#1J. =
FL Ji u:' '
=
=.
.r
_ z .
w ,
_ v_w _ s w
s c i!' :!.!l:
_s1_ : e l}i. ;i! ,!!
- i'_ .
d L .-
pdgvy!, n -
/ ,il-! rw! --.r!
-- s.
pl6 _ *
=_
ill i1i :;!
ii iI
~
' =n
_ = =. _. _
=
=2
[jef=
_ 2 -
,. AI
"._ .M
. autem
O O O t3 Figure 2.15.12g CONTROL BUILDING FLOOR B4F m
a
_ _ t
! N '
. ls
. VIATERTIGHT DOOR i WATERTIGHT DOOR l a
d7 i
1 r--
~
] .I l r i i i
r- : .
, ! I- I i' .;
, .i [' 2 i
1> .
!- ! t i ! ! i l' rj ! n 11 '. :
i i l' L_
i n)
L._
i L_J ii i -
t : i 1
' I i i l i i i ,l l
il ,
- l
'i i
! 9 ; j i ;
- lE ij j i RCW. "B" l RCW. *A' { RCW.T ; e N
E!;
=;! ,
,1 i
!l
.i
[~l C R
- f,h !i
!E y!
, . l ,
. + i : i;
!!I "j l l I i 'l l 1
w
- i. _ _
y .J l ! J i,
i 9 -
l i i i
! I i f
L !' -
l 4
L...____ . ,_ _ .~I d
iB N
m_. __ . _ . . . . _ . - _ _ _ .. ._ _ . . . _ _ . . _ . _ . . . _ . . . _ . . - . . _ _ _ . . . _
a
- ABWR Design 0: cum:nt
- O
~ 3.0 EXAMPLES OF GENERIC AND DAC ITAAC ,
-This section provides examples ofITAAC related material that is not within the scope of the system-by-system approach used to deselop the pilot examples in Section 2.
)
10-7
- Jo l
-1 l
3.0 1/17/92 ;
~
f' ABWR oesign Document
- 3.1 ENVIRONMENTAL QUALIFICATION (EO) GENERIC ITAAC This section contains a proposed ITAAC covering emironmental qualification (EQ) of safety equipment, it is based on a programmatic approach to EQ and is representative of the scope and content anticipated for other generic ITAAC -
entries covering similar technical issues.
g v
I l
l JO;
~ 3.1 1/17/92 r ,-- ,,_
O O O 1
.t Table 3.1: CONSTRUCTION-RELATED ITAAC - ENVIRONMENTAL QUALIFICATION EXAMPLE Inspections, Tests, Analyses and Acceptance Criteria Certified Design Commitment inspections, Tests, Analyses Acceptance Criteria Mechanical and electrical equipment Documentation relating to EQ issues will it will be confirmed that a comprehensive i important to safety will be qualified for the. be audited for selected equipment items list of equipment important to safety has .;
i environmental canditions that will exist up important to safety. This documentation been prepared. The following information i to and including the time the enuipment . ill be in the form of the equipment for this equipment shall be provided in a ;
has finished performing its safety-relatad . t alification list and the device specific qualification file and subject to audit function. Conditions that exist during : qualification files. The audit will consist of normal, abnormal and design basis a statistically valid sample of the - a. The performance specifications under .
accident events will be considered in terms ; qualification files. Timing of the audits will conditions existing during and ;
of their cumulative effect on equipment be phased so as to include a representative following design basis accidents. For performance. These conditions will be sample of all qualification activities. electrical items this will inclur_a the considered for he time period up to the ' Sample selection will be biased towards. voltage, frequency, load and other ,
end of component refurbishment interval complex equipment which utilizes . electrical characteristics for which the ,
or end of equipment life. These conditions . materials potentially susceptible to performance specified above can be - i include number and/or duration of degradation and is located in areas subject ensured.
equipment functional and test cycles / .. to harsh environmental conditions. In the .
4' events; process fluid conditions (where ' event noncompliances with the Acceptance b. The environmental conditions, applicable); the voltage, frequency, load, Criteria are discovered, the sampling including temperature, pressure, ;
, and other electrical characteristics of the process will be expanded to include an humidity, radiation, chemicals and ; i equipment; the dynamic loads associated audit of the attributelsiin question for an submergence at the location where the l with seismic and other vibration inducing equal or greater sample of items.
equipment must perform as specified i events, and the pressure, temperature, above. This willinclude environmental humidity, chemical and radiation The audit will include review of specified conditions defined in 10 CFR 50.49, for environments, aging, and submergence (if environmental conditions, qualification electricalitems and shall include any) that can affect or degrade equipment methods (e.g., analyses or testing), and consideration of synergistic effects and j i performance. documentation of qualification results. margins for unquantified uncertainty. t
- c. The testing method used to qualify the ,
equipment. Each item of equipment !
important to safety must be qualified ;
by one of the following methods:
- 1. Testing an identical item of j equipment under identical l conditions or under similar conditions with a supporting -
analysis to show that the i e equipment to be qualified is i
$ acceptable. !
~. , _ _ _
i
- l. '[T v L1 v
- g Table 3.1
- [ CONSTRUCTION-RELATED ITAAC -- ENVIRONMENTAL QUALIFICATION EXAMPi.E' Inspections, Tests, Analyses and Acceptance Criteria
'. Certified Design Commitment Inspections, Tests,' Analyses - . Acceptance Criteria (Continued)
- 2. Testing a similaritem of equiprnent .
~
with a supporting analysis to show that the equipment to be qualified is acceptable.
- 3. Experience with identral or sirnitar equipment under similar conditions with a supoorting .
analysis to show that the equipment to be qualified is acceptable.
' 4. Analysis in combination with partial type test data that supports the ana ytical assumptions and conclusions.
- e. The results of the qualification have been documented to permit verification that the item of equipment important to safety-
- 1. Is qualified for its application; and
- 2. Meets its specified performarce requirements when it is subiected to the conditions predicted to be present when it must perform its safety function up to the end of its qualified life.
d w
_ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ . _ _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ . _ . _ _ _ _ _ . _ _ . . . _ _ _ . _ . . . _ _ _ _ __m
BWR oesign Document 3.2 RADIATION PROTECTION DAC ITAAC This section presents a proposed set ofITAAC entries addressing the issue of
, plant design featnres required for protection of workers against radiation.
Numerical values of source tenns are dependent upon as-built /as-provided equipment. Constquently, design details and final dose evaluations cannot be performed at the time of design certification and included in the SSAR. Closure
. of thisissue requires:
- a. Incorporating in the SSAR material which describes toe basic plant features and the methods which wil: : used to evaluate occupational exposures when equipment details are available, and
~~
- b. establishing design acceptance criteria (DAC) ITAAC which will be used when the processes described in the SSAR are properly executed.
Tables 3.24 and 3.2b are the proposed DAC entries covering plant radiation protection. Table 3.2c is provided for information and summarizes the material that will be included in the SSAR to support resolution of this issue.
O e
3.2 - 1/17/92
.., m
(. ; p. ~g s V . ,V
~
l- Tat * ~ 3.2a: PLANT SHIELDING DESIGN Inspections, Tests, Analyses and Acceptance Criteria Certified Design Commitment. ; inspections, Tests, Analyses ' Acceptance Criteria
- 1. The plant design shall provide adequate - 1. Analyses shall be performs.d to identify the 1. The design shall identify in the SSAR all .'
shielding to insure low radiation levels in .. areas of the plant normalBloccupied and to areas of the plant deemed normally areas normally occupied. identify the radiation levels in each area. occupied. The evaluation supplied will The analyses shall be based upon the show radiation conditions to be well within following: (defined as 25%) of the limits as given in SSAR Subsection 12.3 for the area.
- a. For each area , significant sources of radiation (greaterthan an estimated 5%
contribution) near the area will be identified and categorized by reference to the source terms found in SSAR subsection 12.2.
b.' For non-complex geometries, point
' kernel shielding codes such as QAD h' using nuclear properties derived from well known sources such as Vitamin C, ANSI /ANS-6.4 shall be used to model and evaluate area radiation environments.
- c. For complex geometries, more sophisticated two or three dimensional transport codes such at DORT or TORT will be used to model the radiation environments.
- d. In any calculation, a safety factor shall be applied based upon benchmark
- comparisons of the code and data as applied to known and measured
- environments.
.N N
w
~. =. =- _ _ . - - - _ . - . - - . . _ ~_. . . _ _ - .-, . - _ _ _ _ _ - _ .
b b
g Trble 3.2a: PLANT SHIEi DING DESIGN (Continued)
Inspections, Tests, Analyses and Acceptance Criteria inspections, Tests Analyses Acceptance Criteria Certified Design Commitment
- 1. (Continuedi
- e. The as built shield thickness sha!! be checked to insure that wall thickness are at least as large as the assumed analysis.
The computer codes referenced above are representative only and do not designate required analytic tools.
Using the methods ider.titied in (1) above. 2. The design shall be shown to reduce the
- 2. The plant design shall provide for shielded 2.
anasy:.es will be perfonrned for areas radiation field in the high area to a small cubicler labyrinth access, and space for identified as high .adiation areas in the fraction (10% 0. less) of the radiation field te m pt :/ shielding to oermit shielding of in any adjacent low radiation areas or less high . 4 ion areas so that adequate SSAR to determine the shielding *or area +
than 0.06mrtr which ever is targer.
maintennre space can be provided of low radiation.
'i' without a ny significant r >diation exposure from adja':ent equipment.
Radiation levels in areas with vital 3. The designs shat! provide for a radiation
- 3. The plaret design shall permit access and 3.
3 equipment as stipulated in SSAR section level of < 15 mrem /hr (averaged over 30 egress to vital areas of the plant under days) for areas requiring continuous 12.3 shall be analyzed using stanc -
l accident canditions. occupancy and a dose of s 5 rem whole design basis source terms such as given in
( TID 14844 and the shielding identified in (1) body (or its equivaient to any part of the and (2) above.
body) for areas requiring infrequent access.
e
IlI! lilj! i n t rn nsl oua l
h e y _
n oi d c ht
, it o s ror r edo%d it amia t e i l n
O h i / i ar s r d b
~ nf h et 0 e ao e e t i i
e i v w in1 es t.r a tr t
. adgt a1 a f 0 h pt id v h a rpaig o n>iec t
i r reeiar(
t t h ntnn l
u eps r otn at ti dcf geoip t, acaicn p ea h n c ncl ic t
n0h i
cl r oe mte (y w r el eru; vne oir oscit i
dengo2t e o _
r uom a'snm i
r enct s ie a o niRae b pl eb h veo oc o i
a ia cdsadoas perh aF cit l i
ubgr t i ri i
r e r ese cir n cf rl on r
uh i t rC b r l a sr obr qaa ia ebk eut vqsah do t
o n wa i oil i ct c eiraatn0 r h
s let ic ero ee ad s h eor 0 a
ba ia f
i C
r n a gefnloot t a aat a cmt r ot ya pb cf ce e1 ia s r oey h pl t le t a l sme1 n n ntot no e o ein t l i i e ndpsn o rl fogee hnve v i
)s vi m sid i l c st nio r a oae l
ago u o st t aap a wih t t ot di h n eiair t c mis si oc r c i
n nhml t i e l sa r r r ii t
a da t
n ml l
iawoe t
sbon r odi eohie it alet o shr n ce eaipo n o ot o r w adoiooc adt a rit ir l
nl adwdor e r o m n
iu a sm ms u swqda t
it i t nf /o d n ctesde p n har p l
l owesa%g i t ea n o nint an wFodar nuda o 9
t r et nno s A at n nh uu0 n n it ooc e of eim l moma
.e he l l t sho laa ao 1 a cie d n clieg r
emuf r l vr soiot otf 20 nh f sot r la( r e aigov et r a nf e oqp n um i
i id a aiab edn t
s s) aar n er ae o lutn a it octe 2l 0as t i ue o on eeR a sb) F a uist eit ei r r Aaa Aaywc o iat eFi Rcd e nist aial t
a r c t a G l h rl i redel i sC s0 rov la eih emt ar cr qu e r ddCr a 1o0ar e N
I i a Tfowararawle 1 F emif l if r oe Aif a
b Rt pa _
R r e . . .
O i t 1 2 3 T r I
C N e ly a O c n la r s
s M n y oo nfo r ie di eer a it t r e it i pe E t p h a l aA u
od n asi v uh e N e s e r.
r n c ix t o mnc t
ct cf n R c s r a, la d e.
o oa oir ly enb o O c y nei t e B A l a n 3. nc e nd p a sbidc r R d n s2 io pm a1 al l n na lama i i I
n A dntaAe di ewco ne mr r eor OD A N
a s
e s
t s
s e
eit t t ac ne gs orn b nil eni cw n w l
t
's annt nooin git it aam a
ot ef n
s dt a toi i
l y
A y T. isRo el un b s
eAch o3 de da i f d
2 s wmo l
N a n eb n o d Sr s1 i t aeae t ataon O
I A i
t c
aSca e n o e r nni t
v n u pi r o T r n A s
, e p ai muoh c t i t a aot , ct a i g 'a t ta uvnn L t s
s h dit er e s' ede s e n d eai c
I e I i
r cib api r oine
- pr s eim T l laR i t u oer sbia a
f N T, e ui iA nt n r
cumS r cbp' l r el ri g E s o c qi FoesS ocie F oar Awio sc V n .
- i o 1 2
3 b t c
2 e 3 p e s d' n
e s w a rd l
b I n er ot h
e l o d enh e .o er . a ehd e a n a aa si ndo t i t sisu r t e o u
T t n
uf qo at c s al i t aie' ite qt t ot nt ea af op e
i ut it a
e n e..rae i
e gl u vr r n st a dl c 's t i e a e dwar ri i i taas cc ni m a lo n m'* a e n e ecb p oreocam r
t ef o) r der v ol va l pa payf i at e ela i
r m r ei t b a r t
net o ell in n uh ia(
st onch g c s a go m
o inloa d dnmc e* i 'a h,eJ. a ls ihnt n omic ih r s e C l r r ao c edn oe n net na l t oan a no w s, b o e gi n ne lann s r l
t n hi i t t hi st o g h oaiy r t psa r i
s s cl eal a l f u enaiob s ssaisb r xi r D
e n) g (a drfe aom.
s ocdime s ce mpi aobar r e v nod ea git e d
i s oat nnr n e yl nft oec t
sint eo nef ar er o et nioo o o i
e d ngt it ni t rl al e ah cl laoe ce nto d m gh y sms e banp f
i t oiaana t i t it O
ar t
r niedt siri r t nnsehi l C
e at lpi ladraneie se n h o omr r
t neo otnse n
ne lao idicb pt at h a en ogt mh ccc nen r t t
sbsiu r aa einwbda o he opo o o yi hal n r Tvfrh csc i
F nsaremto Tr pi p 1 2 3 U g8 .3
- jl4 ; j' ;[)i;i j;j !)jl liji j
ABWR oulun Document O Table 3.2c:
Summary of SSAR Material Supporting Plant Radiation Protection Commitment "nic following i*cins will be added to the SSAR to suppor t resolution of tiie plant radiation protection iss ie.
- 1. A tabh will be added to St1bsection 12.3 breaking the Ibtlowing plant buildings down into either room or area designations.
Reactor fluilding Control lluilmng Turbine lluilding '
Radwaste lluilding For each area, the table will specify the following:
1,ocation coordinate or fire control designation '
Nortnal Operations designation (occupied or not) ,
Norinal Operations radiation designation mr/hr A- Maintenance operations designation V . occupied non-occupied
- rmtrolled may be occupied under limited circumstance Maintenance operations radiation designation - mr/hr Accident conditions required access high radiation - referencing accident low radiation
, 2. Appendix A to Subsection 12.3 Sample calculation for airborne contamination calculadon
- 3. Expanded table in section 12.3 on shielding computer codes code geometry typical data sources J
V
.' ~,-
P U
3,2 ' 1/17/92 x_.
, ...s-r. , , * . .,-..,_.._......_,,_..,,C....,,,..-..c.. , , _ . . , . . . . _ . . . , , . , _ . . . . . ,.m.m.m,-..,_,.-.m,,..,,,_.,,.,.-.,,..._.
ABWR oesign Document O 3,3 CONFIGURATION MANAGEMENT PLAN DAC ITAAC This section contains the proposed Configuration .\tanagement Plan DAC ITAAC. The DAC ITAAC is included as a section (APPENDIX 11) of the generic softwa e ITAAC. The generic ITAAC establishes acceptance criteria for the overall software development process which includes a Software hianagement Plan, Configuration hianagement Plan and Verification and Validation (V&V)
Plan. Each AllWR safety system that uses the safety-related software functions of the Safety System 1.ogic and Control (SSI.C) equijnnent will reference the generic software ITAAC as part of that safety system's ITAAC acceptance criteria.
The ITAAC of other safety-related equipment that contains software to perform safety functions will also reference the generic software ITAAC.
The generic software ITAAC will reference the DAC ITAAC for Software hianagement, Configuration hianagement and YkV, wh:ch in turn establish design acceptance criteria that will ensure that propei e ontrols are placed on the step-by-step software development process.
APPENDIX 11is an example of a softwaie development DAC ITAAC for the Configuration .\tanagement Plan. APPENDIX A lbr the Software Af anagement Plan DAC ITAAC and APPENDIX C lbr the V&V DAC ITAAC will he developed O '"'"-
O 3.3 1/17/92
>+'w P t'-- m-Te aA. e- wu.me-w , e pasy .a -eme-mnirge,,s-em,.g.g,,.gw
i' O O .O U Table 3.3: SOFTWARE FOR PROGRAMMABLE DIGITAL COMPUTERS IN SAFETY-RELATED APPUCATIONS i- Inspections, Tests, Analyses and Acceptance Critena l
Certified Design Commitment inspections, Tests. Analyses Acceptance Criteria l
- 1. A plan shall be developed for software 1. Review: 1. The overall development plan documents l used in microprocessor-based equipment -
Software Management Plan the requirements and methodology for l that performs safety-related functions. The -
Configuration Management Plan achievirig the software attributes of
! plaa shait describe the organizational and -
Veritication and Validation Pian consistency, accuracy, error tolerance ar'd
! procedural aspects of software - modularity. The plan includes the
- - development and shall comprise the methodology for assuring the software is l' following elements
- both auditable and testable during the j -
Software Management Plan design, implementation and integration i -
Configuration Management Plan phases. Each element of the plan contains Verification and Validation (V&V) plan the following items as a minimum; i
i a. Software Management Plan
- establishes standards, conventions and
, design processes for the design, development, and maintenance of 4' safety-related softwaie. The plan meets the design acceptance criteria described in Appendix A.
- b. Configuration Management Plan 4
establishes a formal set of standards l and procedures to provide visible
, status and control of software documentation. The following basic
- elements are addressed:
l 1) Unique identification of each l software documentation item
- 2) Management of software documentation change control
- 3) Accounting methods to provide
, visibility and traceability for at) changes to baseline product software
- 4) Verification steps required to assure proper adherence to 3 software design requirements N
~
-( .
g~ .L Table 3.3: SOFTWARE FOR PROGRAMMABLE DIGITAL COMPUTERS IN SAFETY-RELATED APPLICATIONS (Continued)
.. ' Inspections, Tests, Analyses and Acceptance Criteria Certified Design Commitment inspections. Tests. Analyses Acceptance Criteria i
- 1. (Continued)
The plan meets the design acceptance criter*a described in Appendix B.
- c. Verification and Validation Plan
- establishes verification reviews and
! validstion testing procedures witte the following components:
- 1) Independent design verification Baseline reviews
- 3) Testing
- 4) Firmware issue and validation procedure E
a) Unstructured testing b) Formal validation testing
, 5) Procedure for future revisions The plan meets the design acceptance
? criteria described in Appendix C.
- 2. The software design documentation meets - 2. Review design documentation: 2. The documentation complies with the the requirements of the development plan. -
Ha.dware/ Software System requirements in the Certified Design
- Specification Commit nents. The design documentation Softwcre Requirements Specification allows correlation of the design elements Sofware Design Specification
' with each specific software requirement as Hardware Requirements Specification determined by the V&V process described i -
Hardware Design Specification in Appendix C.
i The computersystem hardware I documentation identifies the hardware requirements that impact software.
- 3. Details of software implementation and the 3. T 'r 2 requirement 3. Tier 2 requirement integration of hardware and software into
- , . the final product shall be addressed in
$ Tier 2.
5 w
I'
. ~ , . . . . . . . - . . ~ . _ _ . . . _- ~ , . _ ~ _ _ . _ _ _ _ _ _ .._______.___m_ _ _ _ _ _ ______.__._;
O 0; O g : Table 3.3: SOFTWARE FOR PROGRAMMABLE DIGITAL COMPUTERS IN SAFETY-RELATED APPUCATIONS (Continued)
~
Inspections, Tests, Analyses ar.d Acceptance Criteria
~
Certified Design Commetmen' Inspections, Tests. Analyses Acceptance Criteria
- 4. The assembbd. final p"oduction computer - 4. Review formal (verifieu) validation test 4. The test report summarizes the results of 4 system shall be exercised through static report. , - the computer system validation testing and
'~ and dynamic simulations of input signals shows how the system isin compliance L present daring normal operation and with the requirements.
design basis event conditions requiring computer system action. The test report identifies the validation tests for each computer system and safety
- The validation test plan shall identity the system requirement. in addition,the validation tests for each safety-related, regtfred input signals and their values, the Aftware-based system component. anticipated output signals, and th3 acceptance criteria are stated.
The test report identifies the hardware and soltware used, test equipment and 4 calibratios.s. simulation models used, test
- j. g results, and discrepancies and corrective
- ' actions.
The test plan was developed, the tests
- executed, and the test results evaluated by individuals who did not participate in the
' design or implementation phases.
t i
1 5
~
)
O: O 'D :
U - Table 3.3: SOFTWARE FOR PROGRAMMABLE DIGITAL COMPUTERS IN SAFETY-RELATED APPLICATIONS ~ ,
- APPENDIX A- SOFTWARE MANAGEMENT PLAN DESIGN ACCEPTANCE CRITER8A inspections, Tests, Analyses and Acceptance Criteria Certified Design Commitment inspections, Tests, Analyses Acceptance Criteria
-[LATER]
t 1
.i t
I r
i T ,
t 4 i
, e
- i i
I
- i. ~ .
p k
t i i h
I c :
B u
i t
? I
! [
i [
n w. o-O O i t Table 3.3: SOFTWARE FOR PROGRAMMABLE DIGCAL con 4PUTERS IN SAFETY-RELATED APPLICATIONS APPENDIX B: CONFIGURATION MANAGEMENT PLAN DESIGN ACCEPTANCE CRITERIA inspections, Tests Analyses and Acceptance Criteria Certified Design Commitment inspections. Tests, Analyses Acceptance C.-iteria l
- 1. Development of software for the 1 A review shall be performed of the 1. A configuration management plan has mic.oprocessor-based safety systems contents of the configuration maaagement been issued.
shall be contro!!ed according to
- plan.
I configuration management plan.
, 2. The configuration management plan will 2.. A review shall be performed of the 2. The configuration management plan define the purpose and scope of the plan contents of the configuration management identifies each group which develops and/
with emphasis on the groups to which it plan. or maintains software for safety systems.
applies and the specific product which is to The plan includes both executable and be developed. The product desviption non-executable portions of the design.
shall include both executable and non-executable material o'
- 3. The configuration plan shall describe the 3. A review shall be performed of the 3. The configuration plan descdbes the organizational responsibilities. The contents of the configuration management organizationalindependence and organizationalindependence or plan. responsibilities.
dependence of the groups responsible for the software configuration management shall be specifically described. The plan shall describe 6 function independent of the software designc7s that is responsible for verifying that the software is maintained under this plan. The plan shall detail the relationships of the configuration
< control with the software OA. development
, and other groups.
5u
. . . , , , . . . . . .m... _ -.._ ,., , , , . . _ _ , _ . . _ . . , . . . _
r'-
t Table 3.3: SOFTWARE FOR PROGRAMM# ALE DIGITAL COIWPUTERS IN SAFETY-RELATED APPLICATIONS APPENDIX B: CONFIGURATION MANAGEMENT PLAN DESIGN ACCEPTANCE CIYTERIA (Continued) i inspections Tests, Analyses and Acceptance Criteria j Certified Design Commitment inspections, Tests, Analyses Acceptance Criteria
- 4. AppCcable procedures, such as standards . 4. ' A review sha!! be performed of the 4. The plan describes the procedures for for the designation of software versions, contents of the configuration management impbmentation of the plan.-
shall be described in the plan or plan.
. specifically referenced. .'All software shall
' be identified such that the version can be
. verified directly, either embedded in the software ifin a non-programmable /
erasable format or permanently inscribed -
- . directly on the component.-
- 5. The plan shall describe the audits and 5. The plan describes audits end reviews and
~
^ 5. A review shall be performed of the reviews that are to be performed to verify contents of the configuration management describes a procedure for corrective
$ -t that the software is being reintained . plan. actions.
under configuration management. The
- . plan shall describe a procedure for
{ correc'ive actions if any problems are ii discovered.
f 6. The configuration management of tools, 6. A review shall be performed of the 6_ The plan describes control of tools anc' i techniques, and methodologies Wall be contentsof the configuration management methodologies.
specifically delineated. The plan shali - plan.
address centrol of development methods i to used (such as formal specification) and I
4 tools (such as compilers).
- 7. The plan shall describe the method of ~7. A review shall be performed of the 7. The plan describes the record storage plan.
records collection and retention. contents of the configuration management plan.
b g-t
. . ~ . . .__ . - _ - _ _- .- _ ._ __ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
O O LO t
g; -Table 3.3:- SOFTWARE FOR PROGRAMMABLE DIGCAL COMPUTERS IN SAFETY-RELATED APPUCATIONS APPENDEX B: CONFIGURATION MANAGEMENT PLAN DESIGN ACCEPTANCE CRITERIA (Continued) i
. Inspections, Tests, Analyses and Acceptance Criteria .
Certified Design Commitment inspections, Tests, Analyses /suptance Cnteria
- 8. The plan sha:: address control of the final' 8. A review shall be performed of the 8.' The plan willidenti*ythe method bywhich !
!- user documentation and the information to contents of the configuration management faults, failures, and changes are identified t be supplied. The method of informing the ' plan, to the affected user. i user of each product of known faults,
- failures, and changes shall be specifically i i described.
- 9. The configuration management plan si'sil 9. A review shall be performed of the 9. The configuration management plan will be in place and approved by the contents of the configuration -nanagement be approved and in place at the beginning '
l implementer prior to the first concept plan. of the project. ,
development phases of softwa a development. ,
I'-
? 10. The configuration management plan shall 10. A review shall be performed of the 10. The plan will require that the design !
require that the design documents (such as contents of the configuration management documents reference one configuration ;
software requirements specifications) plan. management plan. l shell provide specific reference to the
- v. apphcable configuration management :
- plan. The plan shall define procedures for ;
- chenge control, including change request, l evaluation. approval, and implementation.
i i
t
- ~
_ . _ _ . ___ ._ __ _ ._. . . ._. _ -. _ _ _ __. _ _ _ _ _ _ _ _ _ _ _1
.~_- ,
_,_ ~ _ y.gl~ ~
. % A '-
iT~E
}
.. 2 . .
- - %,_p - -
L :
. U: Table 3.3: SOFTWARE FOR PROGRAMMABLE DIGITAL COMPUTERS IN SAFETY-RELATED APPUGATIONS _
~
c-r _
APPENDIX C: VERIFICATION AND VAUDATION PLAN DESIGN ACCEPTANCE CRITERIA ' :~ . = . i
- .. ~M
~
Inspections, Tests Analyses and Acceptance Criteria 1 ,.
i j Certified Design Commitment *nspections Tests, Analyses Acceptance Criteria 4
ILATER] !
i l
i-l l
l' s l' ? !
i I
[
)
l i
t e i
! I t
i i
i f
l _. I
. =
~
i h
~ t I
r- ;
.- .. ... . . - . . . . ~ . . . . . . . . .- - ,
i ABWR onion Docum:nt O 3.4' MAN MACHINE INTERFACE SYSTEMS (MMIS) DESIGN TEAM DAC ITAAC This section presents a sample ITAAC entry addressing the issue of how Iluman Factors considerations are addressed in the impicmentation of AllWR design areas of human-system interface. Iluman Factors enduation resuhs are i dependant upon as-built /as prosided equijnnent and upon details of plant i operation (e.g. detailed operating procedures and personnel training) that must i be developed by each indisidual COL applicant. Consequently, design details l and final Iluman Factors evaluation cannot be performed at the time of design :
certification and included in the SSAR. Closure of this issue requires establishing design acceptance criteria (DAC) ITAAC which will be used to ,
ensure that the implemented designs of human-system interface areas are consistent with accepted human factors engineering principles. In the:ir final form, DAC ITAACS will be developed to address the full scope of human factors related design implementation activities. Table 3.4a is a proposed DAC ITAAC which has been developed, as an example, for the first of the series of design conformation reviews which will be done on the human-system interface design implementation actisitiesi The DAC ITAAC presented in Table 3.4a addresses the formation of the Man-Mathine Interface System (MMIS) Design Team and the procedures the MMIS Design Team will develop to direct the subsequent human factors related design implementation actisities.
G v
i
, O-3.4 1/17/92
O O _
j . $' Table 3.4: MAN-MACHINE INTERFACE SYSTEM S (MMIS) DESIGN TEAM DESIGN ACCEPTANCE CRfTERIA inspections Tests Analyses and Acceptance Criteria Certified Design Commitment inspections Tests. Analy ses
, Acceyance Criteria
- 1. Implementation of the Man-Machine 1. The MMIS Design Teem organizational The M'.11S Design Team shall have authority, Interface Systems (i.e., control and . .
structure, functional responsibilities. levels - access to work areas and design instrumentation equipment, main control of authority ano lines of communication documentation, and organizational room and local control facilities) shall be will be reviewed. freedom to identif; problems in the directed by a dedicated MMIS Design implementatior' M the MMIS designs; Team. The MMIS Design Team shall have initiate, recomo cwJ or provide solutions to the charge of assuring that MMIS design such problems through designated implementations support plant personnel channels; verify implernentation of in the safe operation and n.aintenance of - solutions;and assure that further the plant. processing, delivery, installation or use is controlled until p operdisposition of a l1 non-conformance, deficiency or unsatisfactory condition e .s or x red.
- 2. The MMIS Design Team shall be composed 2. Inspection of MMIS Design Team 2. The technical discipline and experience of 4' of multidisciplinarytechnicalstaff with composition. the MMIS Design Team shall include, as a
?
technical expertisa and experience in the - minimum, the following:
4 technologies and techniques to be utilized l
in the MMIS designs. -
nuclear engineering instrumentation and control l engineering human factors engineering l
reliability engineering l
maintainability engineering systems engineering l
architect engineering l
computer systems engineering l: -
training development
- l. - ' nuclear power plant operation l' - safety engineering plant procedure development l
- a N
L ue -
e s 5m I
.e'4- w an---p es - , _ _ -a w -
t-- e -- - _A_ .__-__2m_-___m- -
b; g a
' ~
g: Table 3.4: MAN-MACHINE INTERFACE SYSTEMS (MMIS) DESIGN TEAM DESIGN ACCEPTANCE CRITERIA .
Inspections. Tests Analyses and Ae::eptance Criteria -
Certified Design Commitment -
lospections Tests Aaalyses Acceptance Cnteria
- 3. - The. MMIS Design Team shall establish; 3. Inspection of MM;S Design Team plans and 3. Plans and procedures shall address:
i: deisited plans and ,nrocedures directing the m precedures.
~
implementation of MMIS designs. - -- Development of MMIS P.wram Plan
- Development o' Sys*em Functional Requirements A!!ocation of functions and Conduct of 2
Task Analysis Evaluation of Human Factors and Human-System Interfaces 4 - Development of Plant Procedures ,
Development of Plc::t-Speci'ic Emergency Operating Procedures 2
Development of Training Requirements -
Imp % mentation of Software Verification and Validat on p .,
t o-<>
s a
4 i-i'i i.
- i. $
~
.s ,_ .- -~ w-,-,- __. . ~ , . . ,w..,..,m .-.---.,,e -_ _ . . -_- - _ . _ _ _ _ _ ____m. - _.-.___.Im__ _ .